Tag: vulnerability
-
Microsoft Patches MSMQ Flaw That Affects IIS Web Servers
Microsoft has released an out-of-band security update to address a significant vulnerability in Message Queuing (MSMQ) functionality that impacts Windows 10 systems running IIS web servers and enterprise environments. The flaw, discovered and documented in the December 9, 2025 update (KB5071546), affects Windows 10 version 22H2 and version 21H2. The Vulnerability The MSMQ bug causes…
-
Roundcube Flaws Let Attackers Execute Malicious Scripts
Roundcube, the widely used open-source webmail software, has officially released critical security updates to address two significant vulnerabilities in its 1.6 and 1.5 LTS (Long-Term Support) versions. These flaws could allow attackers to execute malicious scripts or expose sensitive information, posing a risk to organizations and individuals relying on the platform for email communication. The…
-
Clop Ransomware Group Targets Gladinet CentreStack Servers to Exfiltrate Data
Tags: attack, corporate, cyber, data, exploit, extortion, group, intelligence, Internet, ransomware, vulnerabilityThe notorious Clop ransomware group has launched a new data extortion campaign targeting internet-facing Gladinet CentreStack file servers, exploiting an unknown vulnerability to steal sensitive corporate information. Incident responders from the Curated Intelligence community first identified this campaign, which marks the latest in a series of Clop attacks targeting enterprise file transfer and storage solutions.…
-
Exploit-Welle zwingt Unternehmen zum schnellen Update – Google stopft eine aktiv ausgenutzte Chrome-Schwachstelle
First seen on security-insider.de Jump to article: www.security-insider.de/chrome-browser-aktives-angle-exploit-a-7d30d8d636bd2586e106f46e75f03cf6/
-
Exploit-Welle zwingt Unternehmen zum schnellen Update – Google stopft eine aktiv ausgenutzte Chrome-Schwachstelle
First seen on security-insider.de Jump to article: www.security-insider.de/chrome-browser-aktives-angle-exploit-a-7d30d8d636bd2586e106f46e75f03cf6/
-
Exploit-Welle zwingt Unternehmen zum schnellen Update – Google stopft eine aktiv ausgenutzte Chrome-Schwachstelle
First seen on security-insider.de Jump to article: www.security-insider.de/chrome-browser-aktives-angle-exploit-a-7d30d8d636bd2586e106f46e75f03cf6/
-
Chinese Hackers Exploited a Zero-Day in Cisco Email Security Systems
Cisco disclosed that a China-linked hacking group exploited a previously unknown vulnerability in its email security products, allowing attackers to compromise systems that sit at the center of enterprise email traffic. The flaw affected Cisco Secure Email Gateway and Secure Email and Web Manager appliances running AsyncOS and was actively exploited before public disclosure. The……
-
Chinese Hackers Exploited a Zero-Day in Cisco Email Security Systems
Cisco disclosed that a China-linked hacking group exploited a previously unknown vulnerability in its email security products, allowing attackers to compromise systems that sit at the center of enterprise email traffic. The flaw affected Cisco Secure Email Gateway and Secure Email and Web Manager appliances running AsyncOS and was actively exploited before public disclosure. The……
-
The Agentic Era is Here: Announcing the 4th Edition of AI API Security For Dummies
If you look at the headlines, the story is about Artificial Intelligence. But if you look at the architecture, the story is about APIs. The reality of modern tech is simple: You can’t have AI security without API security. As we move rapidly from simple chatbots to autonomous agents, the way we secure our infrastructure…
-
React2Shell is the Log4j moment for front end development
What to look for: In an attack tracked by S-RM, immediately after the threat actor gained access to a targeted company’s network, they ran a hidden PowerShell command, establishing command and control (C2) by downloading a Cobalt Strike PowerShell stager, a tactic regularly used by red teamers, and installing a beacon to allow them to…
-
The Agentic Era is Here: Announcing the 4th Edition of AI API Security For Dummies
If you look at the headlines, the story is about Artificial Intelligence. But if you look at the architecture, the story is about APIs. The reality of modern tech is simple: You can’t have AI security without API security. As we move rapidly from simple chatbots to autonomous agents, the way we secure our infrastructure…
-
React2Shell is the Log4j moment for front end development
What to look for: In an attack tracked by S-RM, immediately after the threat actor gained access to a targeted company’s network, they ran a hidden PowerShell command, establishing command and control (C2) by downloading a Cobalt Strike PowerShell stager, a tactic regularly used by red teamers, and installing a beacon to allow them to…
-
The Agentic Era is Here: Announcing the 4th Edition of AI API Security For Dummies
If you look at the headlines, the story is about Artificial Intelligence. But if you look at the architecture, the story is about APIs. The reality of modern tech is simple: You can’t have AI security without API security. As we move rapidly from simple chatbots to autonomous agents, the way we secure our infrastructure…
-
Cisco customers hit by fresh wave of zero-day attacks from China-linked APT
Cisco has yet to release a patch for the actively exploited vulnerability, and attacks have been underway since at least late November. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisco-zero-day-attacks-china-apt/
-
SonicWall Edge Access Devices Hit by Zero-Day Attacks
In the latest attacks against the vendor’s SMA1000 devices, threat actors have chained a new zero-day flaw with a critical vulnerability disclosed earlier this year. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/sonicwall-edge-devices-zero-day-attacks
-
Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw
Hewlett Packard Enterprise (HPE) fixed a critical OneView flaw that could allow attackers to achieve remote code execution. Hewlett Packard Enterprise (HPE) addressed a maximum-severity security vulnerability, tracked as CVE-2025-37164 (CVSS score of 10.0), in OneView Software. An attacker can exploit the flaw to achieve remote code execution. HPE OneView is an integrated IT management…
-
HPE OneView Vulnerability Allows Remote Code Execution Attacks
Tags: attack, cloud, cve, cvss, cyber, data, flaw, infrastructure, remote-code-execution, risk, software, vulnerabilityA severe security vulnerability has been discovered in Hewlett Packard Enterprise OneView software, threatening enterprise infrastructure across data centers and hybrid cloud environments. The flaw, tracked as CVE-2025-37164, carries a maximum CVSS 3.1 severity score of 10.0, indicating critical risk requiring immediate remediation. The vulnerability permits unauthenticated remote attackers to execute arbitrary code on affected…
-
Actively Exploited ASUS Vulnerability Added to CISA’s KEV List
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, infrastructure, kev, malicious, software, supply-chain, update, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has added a critical ASUS vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. CVE-2025-59374 affects ASUS Live Update software and stems from a sophisticated supply chain compromise that embedded malicious code into legitimate software distributions. Supply Chain Attack Details The vulnerability involves…
-
Chinese attackers exploiting zero-day to target Cisco email security products
Chinese hackers have been exploiting a vulnerability in a popular Cisco email management tool since late November, the company said in an advisory. First seen on therecord.media Jump to article: therecord.media/chinese-attackers-zero-day
-
HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution
Tags: control, cve, cvss, exploit, flaw, infrastructure, remote-code-execution, software, vulnerabilityHewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, could result in remote code execution.The critical vulnerability, assigned the CVE identifier CVE-2025-37164, carries a CVSS score of 10.0. HPE OneView is an IT infrastructure management software that streamlines IT operations and controls all systems via a First…
-
What the Latest OpenAI Security Breach Reveals About the State of AI Protection
A recent OpenAI-related breach via third-party provider Mixpanel exposes how AI supply chain vulnerabilities enable phishing, impersonation, and regulatory risk”, even without direct system compromise. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/what-the-latest-openai-security-breach-reveals-about-the-state-of-ai-protection/
-
What the Latest OpenAI Security Breach Reveals About the State of AI Protection
A recent OpenAI-related breach via third-party provider Mixpanel exposes how AI supply chain vulnerabilities enable phishing, impersonation, and regulatory risk”, even without direct system compromise. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/what-the-latest-openai-security-breach-reveals-about-the-state-of-ai-protection/
-
Fortinet vulnerabilities prompt pre-holiday warnings
Analysts track exploitation of two vulnerabilities disclosed last week by Fortinet First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366636678/Fortinet-vulns-prompt-pre-holiday-warnings
-
Fortinet vulnerabilities prompt pre-holiday warnings
Analysts track exploitation of two vulnerabilities disclosed last week by Fortinet First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366636678/Fortinet-vulns-prompt-pre-holiday-warnings
-
Check Point und Lakera veröffentlichen Lagebericht zur Agenten-Sicherheit
Die Sicherheitsforscher fassen die Lage rund um die Sicherheit von Large Language Models zusammen. Über 60 Prozent der Angriffsversuche waren System Prompt Leakages, um die Verhaltensregeln des KI-Models zu testen und abzuleiten, wo sich Schwachstellen befinden First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-und-lakera-veroeffentlichen-lagebericht-zur-agenten-sicherheit/a43236/
-
The Biggest Cyber Stories of the Year: What 2025 Taught Us
Tags: access, attack, authentication, awareness, banking, breach, business, ciso, cloud, compliance, container, control, cyber, cyberattack, cybersecurity, data, data-breach, email, encryption, endpoint, exploit, government, healthcare, iam, identity, incident, incident response, Internet, law, metric, mfa, monitoring, network, privacy, regulation, resilience, risk, service, software, strategy, supply-chain, technology, threat, tool, vulnerability, vulnerability-management, zero-day, zero-trustThe Biggest Cyber Stories of the Year: What 2025 Taught Us madhav Thu, 12/18/2025 – 10:30 2025 didn’t just test cybersecurity; it redefined it. From supply chains and healthcare networks to manufacturing floors and data centers, the digital world was reminded of a simple truth: everything is connected, and everything is at risk. Data Security…
-
HPE warns of maximum severity RCE flaw in OneView software
Hewlett Packard Enterprise (HPE) has patched a maximum-severity vulnerability in its HPE OneView software that enables attackers to execute arbitrary code remotely. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hpe-warns-of-maximum-severity-rce-flaw-in-oneview-software/
-
More than half of public vulnerabilities bypass leading WAFs
Miggo Security has released a new report that examines how web application firewalls are used across real-world security programs. The research outlines the role WAFs play as … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/18/miggo-research-waf-vulnerability-bypass/
-
U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Cisco reported a December 10 campaign…