Tag: cve
-
Rogue Account-Creation Flaw Leaves 100K WordPress Sites Exposed
by
in SecurityNews
A severe vulnerability has been uncovered in the SureTriggers WordPress plugin, which could leave over 100,000 websites at risk. The issue, discovered by security researcher mikemyers, allows attackers to create rogue administrative users on sites where the plugin is not properly configured. Vulnerability Details: This critical flaw, registered as CVE-2025-3102, is rooted in the plugin’s…
-
Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes
by
in SecurityNews
Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk. The original vulnerability, CVE-2024-0132 (CVSS score: 9.0), is a Time-of-Check Time-of-Use (TOCTOU) vulnerability that could lead to a container escape attack and allow for…
-
Dell Alerts Users to Critical PowerScale OneFS Flaws Enabling Account Takeover
by
in SecurityNews
Dell Technologies has issued an urgent security advisory to its users, warning of several critical vulnerabilities in its PowerScale OneFS operating system. These flaws, if exploited, could allow attackers to take over high-privileged user accounts, bypass authorization controls, and disrupt system operations. The vulnerabilities, tracked under multiple CVEs, range in severity and attack vectors. They…
-
Ransomware Attacks Exploit Windows Vulnerability
by
in SecurityNews
Tags: access, backdoor, bug, cve, cvss, cyberattack, exploit, kaspersky, malware, microsoft, ransomware, update, vulnerability, windows
Cybercriminals are abusing a security vulnerability in Windows to plant backdoor malware and ransomware. Security researchers at Microsoft have discovered a flaw in the Windows CLFS (Common Log File System) driver that grants attackers system-level privileges. It is tracked as CVE-2025-29824 and carries a CVSS score of 7.8, a high severity rating. According to a blog post by the researchers, the vulnerability has already been used for…
-
CISA Alerts on Actively Exploited Linux Kernel Out-of-Bounds Read Flaw
by
in SecurityNews
The Cybersecurity and Infrastructure Security Agency (CISA) has issued alerts regarding two actively exploited vulnerabilities in the Linux Kernel. The flaws, tagged as CVE-2024-53197 and CVE-2024-53150, both reside in the USB-audio driver. These vulnerabilities could potentially allow attackers to manipulate system memory, escalate privileges, or access sensitive information. CVE-2024-53197: Linux Kernel Out-of-Bounds Access Vulnerability. The…
-
PAN-OS DoS Vulnerability Allows Attackers to Force Repeated Firewall Reboots
by
in SecurityNews
A newly disclosed denial-of-service (DoS) vulnerability in Palo Alto Networks’ PAN-OS software enables attackers to force firewalls into repeated reboots using maliciously crafted packets. Tracked as CVE-2025-0128, the flaw impacts SCEP (Simple Certificate Enrollment Protocol) authentication and poses significant risks to unpatched systems. The vulnerability enables unauthenticated attackers to disrupt network operations by sending a single…
-
Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day
by
in SecurityNews
One CVE was used against “a small number of targets.” Windows 10 users needed to wait a little bit for their patches. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-patch-tuesday-april-2025/
-
CrushFTP Exploitation Continues Amid Disclosure Dispute
by
in SecurityNews
Attacks on a critical authentication bypass flaw in CrushFTP’s file transfer product continue this week after duplicate CVEs sparked confusion. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/crushftp-exploitation-disclosure-dispute
-
Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’
by
in SecurityNews
Microsoft warns CVE-2025-29824 lets attackers with user access escalate privileges to deploy ransomware via a flaw in Windows CLFS. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows-common-log-file-system-vulnerability/
-
Critical Fortinet FortiSwitch flaw allows remote attackers to change admin passwords
by
in SecurityNews
Fortinet addressed a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. Fortinet has released security updates to address a critical vulnerability, tracked as CVE-2024-48887 (CVSS score 9.8), in its FortiSwitch devices. A remote attacker can exploit the vulnerability to change administrator passwords. “An unverified password change vulnerability [CWE-620]…
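The advisory excerpt names CWE-620, unverified password change. As an added illustration of that weakness class (this is not Fortinet's code and does not reproduce CVE-2024-48887), the block below puts a password-change handler that trusts the account name in the request body beside one that ties the change to an authenticated session and a re-entered current password. The user store, request fields and session object are constructed for the example.

```python
"""Unverified password change (CWE-620): a weak handler beside a hardened one.

Added illustration of the weakness class only. Not Fortinet code and not a
reproduction of CVE-2024-48887; the user store, request shape and session
object are constructed for this example.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional

PBKDF2_ROUNDS = 100_000  # kept modest so the example runs quickly; raise in production


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def make_user(username: str, password: str, role: str = "admin") -> dict:
    """Create a user record with a fresh random salt (constructed store format)."""
    salt = os.urandom(16)
    return {"username": username, "role": role, "salt": salt,
            "hash": _hash_password(password, salt)}


def verify_password(user: dict, candidate: str) -> bool:
    """Constant-time comparison so the check does not leak timing information."""
    return hmac.compare_digest(user["hash"], _hash_password(candidate, user["salt"]))


def change_password_weak(users: Dict[str, dict], request: dict) -> bool:
    """CWE-620 pattern: the account to change is taken from the request body and
    the caller never proves the current password or holds an authenticated
    session. Any remote sender who can reach this endpoint can reset 'admin'."""
    user = users.get(request.get("username", ""))
    if user is None:
        return False
    user["salt"] = os.urandom(16)
    user["hash"] = _hash_password(request.get("new_password", ""), user["salt"])
    return True


def change_password_hardened(users: Dict[str, dict], request: dict,
                             session: Optional[dict]) -> bool:
    """Hardened handler: the target account comes from an authenticated session,
    not from the request; the caller must re-enter the current password; and a
    trivially short or unchanged new password is refused."""
    if session is None or not session.get("authenticated"):
        return False
    user = users.get(session.get("username", ""))
    if user is None:
        return False
    current = request.get("current_password", "")
    new_password = request.get("new_password", "")
    if not verify_password(user, current):
        return False  # re-authentication failed; do not say which check failed
    if len(new_password) < 12 or new_password == current:
        return False
    user["salt"] = os.urandom(16)
    user["hash"] = _hash_password(new_password, user["salt"])
    return True


if __name__ == "__main__":
    # An unauthenticated remote request against the weak handler succeeds.
    store = {"admin": make_user("admin", "correct horse battery staple")}
    print("weak handler reset admin:",
          change_password_weak(store, {"username": "admin", "new_password": "attacker"}))
    # The same request against the hardened handler, with no session, is rejected.
    store = {"admin": make_user("admin", "correct horse battery staple")}
    print("hardened handler without session:",
          change_password_hardened(store, {"new_password": "attacker-chosen-pw"}, None))
```

The distinguishing point is where the identity of the account being changed comes from: in the weak handler it is attacker-controlled input, in the hardened one it is server-side session state, and the re-entered current password is what makes the change "verified" in the CWE-620 sense.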
-
Patch Tuesday Update April 2025
by
in SecurityNews
In total, including third-party CVEs, in this Patch Tuesday edition, Microsoft published 134 CVEs, including 9 republished CVEs. Overall, Microsoft announced one Zero-Day, 11 Critical, and 113 Important vulnerabilities. From an Impact perspective, Escalation of Privilege (EoP) vulnerabilities accounted for 39%, followed by Remote Code Execution (RCE) at 28% and Information Disclosure (ID) at 13%…
-
Microsoft Warns of Ransomware Attacks Exploiting CVE-2025-29824 Zero-Day
by
in SecurityNews
On April 8, 2025, Microsoft released its monthly security updates, addressing a total of 121 vulnerabilities across various products. Among these, CVE-2025-29824, a zero-day vulnerability in the Windows Common Log File System (CLFS) Driver, has been actively exploited in ransomware… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2025-29824-zero-day-ransomware-attacks/
-
WK Kellogg Discloses Data Theft
by
in SecurityNews
The food company WK Kellogg, best known for its cornflakes, has had data stolen. WK Kellogg, known for breakfast products such as Cornflakes and Frosties, recently announced that company data was stolen in an attack in 2024. In a notification to the relevant authorities, it states that the exposed data includes names and Social Security numbers. According to its own…
-
U.S. CISA adds Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windows
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws, respectively tracked as CVE-2025-30406 and CVE-2025-29824, to its…
-
NIST Deprioritizes Pre-2018 CVEs as Backlog Struggles Continue
by
in SecurityNews
NIST, which for more than a year has been struggling to address a backlog of CVEs in its database following budget cuts, is now putting pre-2018 vulnerabilities on the back burner to give itself more time to address the rapidly growing number of new software security flaws. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/nist-deprioritizes-pre-2018-cves-as-backlog-struggles-continue/
-
Unicorn Bug: First Attack in the Wild
by
in SecurityNews
Microsoft recently released a patch for a critical vulnerability that enables remote code execution in Internet Explorer (IE). The vulnerability, known as the Unicorn Bug (CVE-2014-6332), was discovered in May of this year by a researcher from the IBM X-Force security team. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2014/11/25/unicorn-bug-erster-angriff-freier-wildbahn/
-
Over 5K Ivanti VPNs vulnerable to critical bug under attack
by
in SecurityNews
China-linked threat actors last month began exploiting CVE-2025-22457, a critical stack buffer-overflow flaw. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/5k-ivanti-vpns-vulnerable-critical-flaw-under-attack/744748/
-
Zoom Workplace Apps Vulnerability Enables Malicious Script Injection Through XSS Flaws
by
in SecurityNews
A newly disclosed vulnerability in Zoom Workplace Apps (tracked as CVE-2025-27441 and CVE-2025-27442) allows attackers to inject malicious scripts via cross-site scripting (XSS) flaws, posing risks to millions of users globally. The medium-severity vulnerability, with a CVSS score of 4.6, enables unauthenticated attackers on an adjacent network to compromise meeting integrity by injecting arbitrary scripts. Zoom…
-
WhatsApp fixed a spoofing flaw that could enable Remote Code Execution
by
in SecurityNews
WhatsApp addressed a flaw, tracked as CVE-2025-30401, that could allow attackers to trick users and enable remote code execution. WhatsApp released a security update to address a vulnerability, tracked as CVE-2025-30401, that could let attackers trick users and enable remote code execution. The spoofing flaw impacts WhatsApp for Windows before version 2.2450.6. An attacker could…
-
NIST Defers Pre-2018 CVEs to Tackle Growing Vulnerability Backlog
by
in SecurityNews
NIST marks CVEs pre-2018 as “Deferred” in the NVD as agency focus shifts to managing emerging threats. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nist-defers-pre-2018-cves/
-
WhatsApp Vulnerability Could Facilitate Remote Code Execution
by
in SecurityNews
An update for the WhatsApp desktop app for Windows patches CVE-2025-30401, a spoofing vulnerability that could be used to trick users. First seen on securityweek.com Jump to article: www.securityweek.com/whatsapp-vulnerability-could-facilitate-remote-code-execution/
-
Exploited Vulnerability Puts 5,000 Ivanti VPN Appliances at Risk
by
in SecurityNews
More than 5,000 Ivanti Connect Secure appliances are vulnerable to attacks exploiting CVE-2025-22457, which has been used by Chinese hackers. First seen on securityweek.com Jump to article: www.securityweek.com/exploited-vulnerability-puts-5000-ivanti-vpn-appliances-at-risk/
-
NIST Declares Pre-2018 CVEs Will Be Labeled as ‘Deferred’
by
in SecurityNews
The National Institute of Standards and Technology (NIST) has announced that all Common Vulnerabilities and Exposures (CVEs) with a publication date before January 1, 2018, will now be marked with a “Deferred”…
-
CISA Warns of CrushFTP Vulnerability Exploitation in the Wild
by
in SecurityNews
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-31161 to its Known Exploited Vulnerabilities (KEV) catalog. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/crushftp-vulnerability-cisa-kev/
-
CISA Warns of CrushFTP Exploit Letting Attackers Bypass Authentication
by
in SecurityNews
The Cybersecurity and Infrastructure Security Agency (CISA) has recently added a new vulnerability to its Known Exploited Vulnerabilities Catalog. The vulnerability, identified as CVE-2025-31161, is an Authentication Bypass Vulnerability in CrushFTP, a widely used FTP server software. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisa-adds-cve-2025-31161-to-kev-catalog/
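The entries above report CISA adding CVE-2025-30406, CVE-2025-29824 and CVE-2025-31161 to the KEV catalog. The practical check that follows from any KEV addition is whether something in your own inventory is on that list and whether its remediation due date has already passed. The block below is an added example, not code from CISA or from any of the linked articles; it uses the field names of the JSON feed CISA publishes for the KEV catalog, but the feed body, due dates and asset inventory are constructed sample data, so run it against the live feed before acting on its output.

```python
"""Match an asset inventory against CISA's Known Exploited Vulnerabilities (KEV) feed.

Added example, not code from CISA or from the articles excerpted above. Field
names follow CISA's published KEV JSON feed; the feed body, due dates and the
inventory below are constructed sample data, not the live catalog.
"""
import json
from datetime import date
from typing import Dict, List

# Constructed stand-in for the KEV JSON feed (same field names as the real feed).
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-2025-29824", "vendorProject": "Microsoft", "product": "Windows",
         "vulnerabilityName": "Windows Common Log File System (CLFS) Driver flaw (sample)",
         "dateAdded": "2025-04-08", "dueDate": "2025-04-29",
         "knownRansomwareCampaignUse": "Known",
         "requiredAction": "Apply mitigations per vendor instructions (sample)."},
        {"cveID": "CVE-2025-30406", "vendorProject": "Gladinet", "product": "CentreStack",
         "vulnerabilityName": "Gladinet CentreStack flaw (sample)",
         "dateAdded": "2025-04-08", "dueDate": "2025-04-29",
         "knownRansomwareCampaignUse": "Unknown",
         "requiredAction": "Apply mitigations per vendor instructions (sample)."},
        {"cveID": "CVE-2025-31161", "vendorProject": "CrushFTP", "product": "CrushFTP",
         "vulnerabilityName": "CrushFTP authentication bypass (sample)",
         "dateAdded": "2025-04-07", "dueDate": "2025-04-28",
         "knownRansomwareCampaignUse": "Unknown",
         "requiredAction": "Apply mitigations per vendor instructions (sample)."},
    ],
})

# Constructed inventory: each asset lists the CVE IDs a scanner reported against it.
SAMPLE_INVENTORY = [
    {"host": "fileserver01", "cves": ["CVE-2025-31161", "CVE-2024-99999"]},
    {"host": "win-ws-17", "cves": ["cve-2025-29824"]},
    {"host": "gw-03", "cves": ["CVE-2025-30406"]},
    {"host": "nas-02", "cves": []},
]


def load_kev(feed_text: str) -> Dict[str, dict]:
    """Index the feed by CVE ID so inventory lookups are constant time."""
    feed = json.loads(feed_text)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def match_inventory(kev: Dict[str, dict], inventory: List[dict], today: date) -> List[dict]:
    """One finding per (host, CVE) pair present in KEV, ordered so that overdue
    items come first, then items tied to known ransomware use, then earliest due date."""
    findings = []
    for asset in inventory:
        for cve in asset["cves"]:
            entry = kev.get(cve.upper())  # scanner output is not always upper-cased
            if entry is None:
                continue  # not in KEV: still a vulnerability, just not in this priority lane
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": asset["host"],
                "cve": entry["cveID"],
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
                "due": entry["dueDate"],
                "overdue": today > due,
            })
    findings.sort(key=lambda f: (not f["overdue"], not f["ransomware"], f["due"], f["host"]))
    return findings


def kev_findings(feed_text: str, inventory: List[dict], today_iso: str) -> List[dict]:
    """Convenience wrapper: parse the feed and run the match for an ISO date string."""
    return match_inventory(load_kev(feed_text), inventory, date.fromisoformat(today_iso))


def overdue_hosts(findings: List[dict]) -> List[str]:
    """Distinct hosts with at least one KEV item past its due date."""
    return sorted({f["host"] for f in findings if f["overdue"]})


if __name__ == "__main__":
    for f in kev_findings(SAMPLE_KEV_JSON, SAMPLE_INVENTORY, "2025-05-01"):
        flag = "OVERDUE " if f["overdue"] else ""
        ransom = " [ransomware]" if f["ransomware"] else ""
        print(f'{flag}{f["host"]}: {f["cve"]} ({f["product"]}) due {f["due"]}{ransom}')
```

Two design points worth keeping when adapting this: CVE IDs are normalised to upper case before lookup, because scanner exports are inconsistent, and a CVE that is not in KEV is skipped rather than reported, since KEV is a prioritisation lane on top of normal vulnerability management, not a substitute for it.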
-
Google fixed two actively exploited Android zero-days
by
in SecurityNews
Google addressed 62 vulnerabilities with the release of Android's April 2025 security update, including two actively exploited zero-days. Google released Android's April 2025 security updates to address 62 vulnerabilities, including two zero-day vulnerabilities (CVE-2024-53197, CVE-2024-53150) exploited in targeted attacks. The vulnerability CVE-2024-53197 is a Linux kernel issue affecting ALSA USB audio. Malicious devices…
-
Why 100% Patching Is Not the Ultimate Goal
by
in SecurityNews
When it comes to cybersecurity, patching vulnerabilities often looks like the holy grail. Once the CVEs (Common Vulnerabilities and Exposures, the catalogued weaknesses in computer systems) are patched, you are safe, right? Well, not quite. Unfortunately, patching is neither as simple nor as effective as organisations believe. Given limited resources, business disruptions… First seen…