Tag: cve

Microsoft Fixes Three Zero-Days in Final Patch Tuesday of 2025

Dec 10, 2025 11:32 AM

Tags: cve, microsoft, update, zero-day

December’s Patch Tuesday sees the release of patches for over 50 CVEs including three zero-days First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-three-zerodays-patch/
Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws

Dec 10, 2025 6:32 AM

Tags: authentication, cve, exploit, flaw, fortinet, ivanti, sap, vulnerability

Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution.The Fortinet vulnerabilities affect FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager and relate to a case of improper verification of a cryptographic signature. They are tracked as CVE-2025-59718 and First seen…
December Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploited

Dec 10, 2025 5:33 AM

Tags: access, apache, api, attack, cloud, cve, cvss, data, email, exploit, flaw, github, identity, injection, LLM, microsoft, office, phishing, remote-code-execution, risk, sap, threat, unauthorized, update, vulnerability, windows

CVE-2025-64666, an escalation of privilege (EoP) hole allowed by improper input validation;CVE-2025-64667, which allows a threat actor to spoof over a network.While rated Important and assessed as exploitation Less/Unlikely, Walters notes that these flaws affect core messaging and identity surfaces, and can become critical when chained, such as by spoofing enabling phishing, or EoP facilitating mailbox…
December Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploited

Dec 10, 2025 5:33 AM

Tags: access, apache, api, attack, cloud, cve, cvss, data, email, exploit, flaw, github, identity, injection, LLM, microsoft, office, phishing, remote-code-execution, risk, sap, threat, unauthorized, update, vulnerability, windows

CVE-2025-64666, an escalation of privilege (EoP) hole allowed by improper input validation;CVE-2025-64667, which allows a threat actor to spoof over a network.While rated Important and assessed as exploitation Less/Unlikely, Walters notes that these flaws affect core messaging and identity surfaces, and can become critical when chained, such as by spoofing enabling phishing, or EoP facilitating mailbox…
December Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploited

Dec 10, 2025 5:33 AM

Tags: access, apache, api, attack, cloud, cve, cvss, data, email, exploit, flaw, github, identity, injection, LLM, microsoft, office, phishing, remote-code-execution, risk, sap, threat, unauthorized, update, vulnerability, windows

CVE-2025-64666, an escalation of privilege (EoP) hole allowed by improper input validation;CVE-2025-64667, which allows a threat actor to spoof over a network.While rated Important and assessed as exploitation Less/Unlikely, Walters notes that these flaws affect core messaging and identity surfaces, and can become critical when chained, such as by spoofing enabling phishing, or EoP facilitating mailbox…
Zoom Rooms on Windows and macOS Exposed to Privilege Escalation and Data Leakage Flaws

Dec 10, 2025 5:33 AM

Tags: attack, cve, cyber, data, data-breach, flaw, macOS, software, unauthorized, update, vulnerability, windows

Zoom has released security patches addressing two critical vulnerabilities in Zoom Rooms deployments on both Windows and macOS. The vulnerabilities expose users to privilege escalation attacks and unauthorized software manipulation, prompting immediate update recommendations across enterprise environments. The first vulnerability, tracked as CVE-2025-67460, affects Zoom Rooms for Windows with a High severity rating. This flaw…
Zoom Rooms on Windows and macOS Exposed to Privilege Escalation and Data Leakage Flaws

Dec 10, 2025 5:33 AM

Tags: attack, cve, cyber, data, data-breach, flaw, macOS, software, unauthorized, update, vulnerability, windows

Zoom has released security patches addressing two critical vulnerabilities in Zoom Rooms deployments on both Windows and macOS. The vulnerabilities expose users to privilege escalation attacks and unauthorized software manipulation, prompting immediate update recommendations across enterprise environments. The first vulnerability, tracked as CVE-2025-67460, affects Zoom Rooms for Windows with a High severity rating. This flaw…
Zoom Rooms on Windows and macOS Exposed to Privilege Escalation and Data Leakage Flaws

Dec 10, 2025 5:33 AM

Tags: attack, cve, cyber, data, data-breach, flaw, macOS, software, unauthorized, update, vulnerability, windows

Zoom has released security patches addressing two critical vulnerabilities in Zoom Rooms deployments on both Windows and macOS. The vulnerabilities expose users to privilege escalation attacks and unauthorized software manipulation, prompting immediate update recommendations across enterprise environments. The first vulnerability, tracked as CVE-2025-67460, affects Zoom Rooms for Windows with a High severity rating. This flaw…
Zoom Rooms on Windows and macOS Exposed to Privilege Escalation and Data Leakage Flaws

Dec 10, 2025 5:33 AM

Tags: attack, cve, cyber, data, data-breach, flaw, macOS, software, unauthorized, update, vulnerability, windows

Zoom has released security patches addressing two critical vulnerabilities in Zoom Rooms deployments on both Windows and macOS. The vulnerabilities expose users to privilege escalation attacks and unauthorized software manipulation, prompting immediate update recommendations across enterprise environments. The first vulnerability, tracked as CVE-2025-67460, affects Zoom Rooms for Windows with a High severity rating. This flaw…
Ivanti warns customers of new EPM flaw enabling remote code execution

Dec 10, 2025 12:32 AM

Tags: cve, endpoint, flaw, ivanti, remote-code-execution, software, vulnerability, xss

Ivanti warns users to address a newly disclosed Endpoint Manager vulnerability that could let attackers execute code remotely. Software firm Ivanti addressed a newly disclosed vulnerability, tracked as CVE-2025-10573 (CVSS score 9.6), in its Endpoint Manager (EPM) solution. The vulnerability is a Stored XSS that could allow a remote unauthenticated attacker to execute arbitrary >>Stored…
Microsoft patched over 1,100 CVEs in 2025

Dec 9, 2025 11:32 PM

Tags: cve, microsoft, update

The final Patch Tuesday update of the year brings 56 new CVEs, bringing the year-end total to over 1,100. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366636275/Microsoft-patched-over-1100-CVEs-in-2025
Burp Suite Upgrades Scanner With Detection for Critical React2Shell Flaws

Dec 9, 2025 2:32 PM

Tags: cve, cyber, detection, flaw, penetration-testing, tool, update, vulnerability

ActiveScan++, a widely used extension for the popular penetration testing tool Burp Suite, has released a significant upgrade. The scanner now includes specific detection capabilities for the critical >>React2Shell
Burp Suite Upgrades Scanner With Detection for Critical React2Shell Flaws

Dec 9, 2025 2:32 PM

Tags: cve, cyber, detection, flaw, penetration-testing, tool, update, vulnerability

ActiveScan++, a widely used extension for the popular penetration testing tool Burp Suite, has released a significant upgrade. The scanner now includes specific detection capabilities for the critical >>React2Shell
Warnung von Apache vor kritischer Schwachstelle in Tika-Modul

Dec 9, 2025 6:32 AM

Tags: apache, cve, cvss, software, vulnerability

Zum 4. Dezember 2025 haben die Apache-Software-Foundation vor einer kritischer Schwachstelle im Tika-Modul gewarnt. Der Schwachstelle CVE-2025-66516 wurde ein CVSS-Score von 10.0 (höchster Wert) zugewiesen. Tika erkennt und extrahiert Metadaten aus über 1.000 verschiedenen Dateiformaten. In der Mitteilung CVE-2025-66516: Apache Tika … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/07/warnung-von-apache-vor-kritischer-schwachstelle-in-tika-modul/
Kritische Sicherheitslücke CVE-2025-61260 in OpenAI Codex CLI

Dec 9, 2025 12:32 AM

Tags: bug, cve, cyberattack, openai

Kleiner Infosplitter, der mir von den Sicherheitsforschern von Check Point Research (CPR) zugegangen ist. Die sind kürzlich in OpenAIs Codex CLI auf die kritische Sicherheitslücke CVE-2025-61260 gestoßen. Diese ermöglichte Angriffe über lokale Projektdateien, stille Code-Ausführung, Infiltration und Datenklau. Was ist … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/09/kritische-sicherheitsluecke-cve-2025-61260-in-openai-codex-cli/
Apache Issues Max-Severity Tika CVE After Patch Miss

Dec 8, 2025 11:32 PM

Tags: advisory, apache, cve, flaw, software, update, vulnerability

The Apache Software Foundation’s earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/apache-max-severity-tika-cve-patch-miss
Apache Issues Max-Severity Tika CVE After Patch Miss

Dec 8, 2025 11:32 PM

Tags: advisory, apache, cve, flaw, software, update, vulnerability

The Apache Software Foundation’s earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/apache-max-severity-tika-cve-patch-miss
Apache Issues Max-Severity Tika CVE After Patch Miss

Dec 8, 2025 11:32 PM

Tags: advisory, apache, cve, flaw, software, update, vulnerability

The Apache Software Foundation’s earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/apache-max-severity-tika-cve-patch-miss
Exploitation Activity Ramps Up Against React2Shell

Dec 8, 2025 11:32 PM

Tags: attack, cve, exploit, threat

Attacks against CVE-2025-55182, which began almost immediately after public disclosure last week, have increased as more threat actors take advantage of the flaw. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/exploitation-activity-ramps-react2shell
Exploitation Activity Ramps Up Against React2Shell

Dec 8, 2025 11:32 PM

Tags: attack, cve, exploit, threat

Attacks against CVE-2025-55182, which began almost immediately after public disclosure last week, have increased as more threat actors take advantage of the flaw. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/exploitation-activity-ramps-react2shell
Exploitation Activity Ramps Up Against React2Shell

Dec 8, 2025 11:32 PM

Tags: attack, cve, exploit, threat

Attacks against CVE-2025-55182, which began almost immediately after public disclosure last week, have increased as more threat actors take advantage of the flaw. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/exploitation-activity-ramps-react2shell
Oracle EBS zero-day used by Clop to breach Barts Health NHS

Dec 8, 2025 5:32 PM

Tags: breach, business, cve, cybercrime, dark-web, data, data-breach, exploit, group, leak, oracle, ransomware, zero-day

Clop ransomware stole data from Barts Health NHS after exploiting a zero-day in its Oracle E-Business Suite. Barts Health NHS confirmed that Clop ransomware group stole data by exploiting zero-day CVE-2025-61882 in its Oracle E-Business Suite. The cybercrime group added the organization to its dark web data leak site and leaked the stolen information. The…
AWS: China-linked threat actors weaponized React2Shell hours after disclosure

Dec 8, 2025 3:32 PM

Tags: china, cve, data, exploit, flaw, intelligence, service, threat, vulnerability

Multiple China-linked threat actors began exploiting the CVE-2025-55182, aka React2Shell flaw, within hours, AWS Security warns. Multiple China-linked threat actors began exploiting the CVE-2025-55182, also known as the React2Shell flaw, within hours, according to AWS Security. The researchers confirmed that this vulnerability doesn’t affect AWS services, however they opted to share threat intelligence data to…
U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog

Dec 8, 2025 11:32 AM

Tags: authentication, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, remote-code-execution, vulnerability

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a a Meta React Server Components flaw, tracked as CVE-2025-55182 (CVSS Score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a pre-authentication remote code execution…
Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks

Dec 8, 2025 11:32 AM

Tags: attack, botnet, cve, data, exploit, flaw, framework, rce, remote-code-execution, vulnerability, wordpress

A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence.The remote code execution vulnerability in question is CVE-2025-6389 (CVSS score: 9.8), which affects all versions of the plugin prior to and including 8.3. It has been patched in version 8.4, released on August…
Critical Cal.com Flaw Allows Attackers to Bypass Authentication Using Fake TOTP Codes

Dec 8, 2025 7:35 AM

Tags: access, authentication, cve, cvss, cyber, exploit, flaw, password, unauthorized, vulnerability

Cal.com has disclosed a critical authentication bypass vulnerability that could allow attackers to gain unauthorized access to user accounts by exploiting a flaw in password verification logic. The flaw, tracked as CVE-2025-66489 and assigned a critical CVSS v4 score of 9.3, affects all versions of Cal.com up to and including 5.9.7. Users are urged to…
Critical React2Shell RCE Flaw Actively Exploited to Run Malicious Code

Dec 8, 2025 7:35 AM

Tags: attack, cve, cvss, cyber, exploit, flaw, framework, malicious, rce, remote-code-execution, vulnerability

A critical remote code execution vulnerability in React Server Components has emerged as an active exploitation target, with security researchers observing widespread automated attacks across the internet. The flaw, tracked asCVE-2025-55182and dubbed >>React2Shell,
Critical React2Shell RCE Flaw Actively Exploited to Run Malicious Code

Dec 8, 2025 7:35 AM

Tags: attack, cve, cvss, cyber, exploit, flaw, framework, malicious, rce, remote-code-execution, vulnerability

A critical remote code execution vulnerability in React Server Components has emerged as an active exploitation target, with security researchers observing widespread automated attacks across the internet. The flaw, tracked asCVE-2025-55182and dubbed >>React2Shell,
Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

Dec 6, 2025 1:32 PM

Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, remote-code-execution, vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild.The vulnerability, CVE-2025-55182 (CVSS score: 10.0), relates to a case of remote code execution that could be triggered by an…
Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation

Dec 6, 2025 1:32 PM

Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, remote-code-execution, vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild.The vulnerability, CVE-2025-55182 (CVSS score: 10.0), relates to a case of remote code execution that could be triggered by an…