Tag: vulnerability
-
Apache Struts Flaw Allows Attackers to Launch Disk Exhaustion Attacks
A new security flaw has been found in Apache Struts, a popular open”‘source web application framework used by many companies worldwide. The issue, tracked as CVE”‘2025″‘64775, could allow attackers to fill a server’s disk space, causing it to stop working correctly. Field Details CVE ID CVE-2025-64775 Vulnerability Title Apache Struts flaw allows attackers to launch disk…
-
Qualcomm Issues Critical Security Alert Over Secure Boot Vulnerability
Qualcomm warned partners and device manufacturers about multiple newly discovered vulnerabilities that span its chipset ecosystem. The Qualcomm released a detailed security bulletin on December 1, 2025, outlining six high-priority weaknesses in its proprietary software, including one flaw that directly compromises the secure boot process, one of the most sensitive stages in a device’s startup…
-
Qualcomm Issues Critical Security Alert Over Secure Boot Vulnerability
Qualcomm warned partners and device manufacturers about multiple newly discovered vulnerabilities that span its chipset ecosystem. The Qualcomm released a detailed security bulletin on December 1, 2025, outlining six high-priority weaknesses in its proprietary software, including one flaw that directly compromises the secure boot process, one of the most sensitive stages in a device’s startup…
-
Ransomware Threats Moving Out to the Edge
Rapid7’s Christiaan Beek on Ransomware Tactics and How to Mitigate Attacks in 2026. Ransomware attacks are reaching record highs, and 2026 may be even worse, said Christiaan Beek, senior director of threat intel and analytics at Rapid7. He warns that hackers are exploiting vulnerabilities as soon as they’re disclosed, and they’re focusing on flaws in…
-
Google addresses 107 Android vulnerabilities, including two zero-days
The company’s latest security update contains the second-highest number of defects patched so far this year. First seen on cyberscoop.com Jump to article: cyberscoop.com/android-security-update-december-2025/
-
The Dual Role of AI in Cybersecurity: Shield or Weapon?
Artificial intelligence isn’t just another tool in the security stack anymore it’s changing how software is written, how vulnerabilities spread and how long attackers can sit undetected inside complex environments. Security researcher and startup founder Guy Arazi unpacks why AI has become both a powerful defensive accelerator and a force multiplier for adversaries, especially.. First…
-
The Dual Role of AI in Cybersecurity: Shield or Weapon?
Artificial intelligence isn’t just another tool in the security stack anymore it’s changing how software is written, how vulnerabilities spread and how long attackers can sit undetected inside complex environments. Security researcher and startup founder Guy Arazi unpacks why AI has become both a powerful defensive accelerator and a force multiplier for adversaries, especially.. First…
-
Microsoft gives Windows admins a legacy migration headache with WINS sunset
Tags: attack, control, cyber, dns, exploit, hacker, infrastructure, malicious, microsoft, network, open-source, penetration-testing, risk, service, technology, tool, vulnerability, windowsWhy WINS is still in use: Organizations still using WINS are likely to fall into one of two categories: those using it to support old technologies with long lifecycles such as operational technology (OT) systems, and those that have simply half-forgotten that they are still using it.”For OT stacks built around WINS/NetBIOS, replacing them isn’t…
-
The CISO’s paradox: Enabling innovation while managing risk
Tags: access, attack, authentication, breach, business, ciso, control, data, detection, firewall, governance, identity, infrastructure, jobs, mitigation, risk, service, threat, tool, vulnerability, waf, zero-daySet risk tolerances and guardrails: Teams slow down when they are unsure how to proceed. Take away some of the decision-making and ensure an integration of authentication, authorization and accounting into the development process. For authentication, establish and leverage enterprise identity management solutions rather than allowing the development of accounts written to databases that can…
-
Global Futures Reopen After CME Suffers Data Center Cooling Failure
A data center cooling failure at CME Group’s Chicago site froze global derivatives trading for hours, exposing vulnerabilities in financial infrastructure. The post Global Futures Reopen After CME Suffers Data Center Cooling Failure appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-global-futures-cme-data-center-cooling-failure/
-
Devolutions Server Hit by SQL Injection Flaw Allowing Data Theft
A critical security vulnerability has been discovered in Devolutions Server, a popular centralized password and privileged access management solution. The flaw, rated critical severity by experts, could allow attackers to steal sensitive data or modify internal records. Devolutions, the company behind the software, released a security advisory (DEVO-2025-0018) on November 27, 2025, detailing three separate…
-
Qualcomm Alerts Users to Critical Flaws That Compromise the Secure Boot Process
Qualcomm Technologies, Inc. has issued an urgent security bulletin warning customers about multiple critical vulnerabilities affecting millions of devices worldwide. The most severe flaw threatens the secure boot process, a fundamental security mechanism that protects devices from malicious software during startup. The security update, published today, addresses six high-priority vulnerabilities discovered in Qualcomm’s proprietary software.…
-
Devolutions Server Hit by SQL Injection Flaw Allowing Data Theft
A critical security vulnerability has been discovered in Devolutions Server, a popular centralized password and privileged access management solution. The flaw, rated critical severity by experts, could allow attackers to steal sensitive data or modify internal records. Devolutions, the company behind the software, released a security advisory (DEVO-2025-0018) on November 27, 2025, detailing three separate…
-
Airbus Nears Completion of A320 Retrofit as Regulators Monitor Largest Emergency Recall in Company History
Airbus has entered the final phase of its unprecedented global retrofit effort, confirming that fewer than 100 A320s in service still require updates after the discovery of a software vulnerability that triggered the largest emergency recall the manufacturer has ever executed. The company disclosed on Monday that nearly the entire A320-family fleet, about 6,000 aircraft…
-
U.S. CISA adds an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OpenPLC ScadaBR flaw, tracked as CVE-2021-26829 (CVSS score of 5.4), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a cross-site scripting (XSS) flaw that impacts Windows and Linux versions via system_settings.shtm.…
-
U.S. CISA adds an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OpenPLC ScadaBR flaw, tracked as CVE-2021-26829 (CVSS score of 5.4), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a cross-site scripting (XSS) flaw that impacts Windows and Linux versions via system_settings.shtm.…
-
PoC Released for Outlook “MonikerLink” RCE Flaw Allowing Remote Code Execution
Security researchers have released a proof-of-concept (PoC) exploit for CVE-2024-21413, a critical remote code execution vulnerability in Microsoft Outlook dubbed >>MonikerLink.
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 73
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Analysis of ShadowPad Attack Exploiting WSUS Remote Code Execution Vulnerability (CVE-2025-59287) Shai-Hulud 2.0 Supply Chain Attack: 25K+ npm Repos Exposed Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications Morphisec Thwarts Russian-Linked…
-
CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, linux, software, vulnerability, windows, xssThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a security flaw impacting OpenPLC ScadaBR, citing evidence of active exploitation.The vulnerability in question is CVE-2021-26829 (CVSS score: 5.4), a cross-site scripting (XSS) flaw that affects Windows and Linux versions of the software via First seen on…
-
Schwachstellen in Fluent Bit gefährdeten USInstanzen
Cloud-Anbieter wie AWS, Microsoft oder Google verwenden die Open Source-Software Fluent Bit zur Erfassung von Telemetriedaten (Monitoring). Gleich fünf Schwachstellen in dieser Software hätten die Remote-Übernahme von Containern, die auf den entsprechenden Cloud-Instanzen gehostet wurden, ermöglichet. Nutzer sollten die Software … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/30/schwachstellen-in-oss-tool-fluent-bit-gefaehrdete-us-cloud-instanzen/
-
HashJack Attack Uses URL ‘#’ to Control AI Browser Behavior
Tags: ai, attack, control, cybersecurity, flaw, google, malicious, microsoft, network, vulnerabilityCybersecurity firm Cato Networks reveals HashJack, a new AI browser vulnerability using the ‘#’ symbol to hide malicious commands. Microsoft and Perplexity fixed the flaw, but Google’s Gemini remains at risk. First seen on hackread.com Jump to article: hackread.com/hashjack-attack-url-control-ai-browser-behavior/
-
Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages
Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack.Software supply chain security company ReversingLabs said it found the “vulnerability” in bootstrap files provided by a build and deployment automation tool named “zc.buildout.””The…
-
Brit telco Brsk confirms breach as bidding begins for 230K+ customer records
Crims claim to know which customers are marked ‘vulnerable’ First seen on theregister.com Jump to article: www.theregister.com/2025/11/28/brsk_breach/
-
Google-Antigravity-Lücke: KI-Coding-Tool anfällig für Angriffe
Eine Sicherheitslücke in Googles KI-Coding-Tool Antigravity erlaubt es Angreifern, Schadcode einzuschleusen.Anfang November brachte Google sein KI-gestütztes Coding-Tool Antigravity an den Start. Doch bereits nach 24 Stunden sind Forscher des Security-Anbieters Mindgard auf eine schwerwiegende Schwachstelle gestoßen, über die eine dauerhafte Backdoor und Schadcode installiert werden kann.Der kürzlich veröffentlichte Forschungsbericht weist darauf hin, dass sich das…
-
New Mirai variant ShadowV2 tests IoT exploits amid AWS disruption
ShadowV2, a new Mirai-based botnet, briefly targeted vulnerable IoT devices during October’s AWS outage, likely as a test run. During the late-October AWS disruption, FortiGuard Labs researchers observed the Mirai-based ‘ShadowV2’ malware exploiting IoT vulnerabilities across multiple countries and industries. The botnet was active only during the outage, suggesting a test run for future attacks.…
-
Schwachstelle in der Contact-Discovery-Funktion – 3,5 Milliarden WhatsApp-Konten ausgelesen
Tags: vulnerabilityFirst seen on security-insider.de Jump to article: www.security-insider.de/whatsapp-sicherheitsluecke-datenleck-universitaet-wien-a-bbaee1016ac2369f6e91a4c051b25b2e/
-
Fragmented tooling slows vulnerability management
Security leaders know vulnerability backlogs are rising, but new data shows how quickly the gap between exposures and available resources is widening, according to a new … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/28/hackuity-vulnerability-management-trends-report/
-
Security researchers caution app developers about risks in using Google Antigravity
CSOonline that the nature of the flaw makes it difficult to mitigate. “Strong identity would not help mitigate this issue, because the actions undertaken by Antigravity are occurring with the identity of the user running the application,” he said. “As far as the operating system can tell, they are indistinguishable. Access management control could possibly…