Tag: dos
-
Apache Tomcat Coyote Flaw Allows Attackers to Launch DoS Attacks
in SecurityNews
The Apache Software Foundation has revealed a vulnerability in the Tomcat Coyote module, specifically within the Maven artifact org.apache.tomcat:tomcat-coyote, that could enable malicious actors to orchestrate denial-of-service (DoS) attacks. This flaw stems from an uncontrolled resource consumption issue tied to HTTP/2 protocol handling, potentially allowing attackers to overwhelm server resources by manipulating stream concurrency limits.…
-
Next.js Vulnerability Allows Attackers to Trigger DoS via Cache Poisoning
in SecurityNews
A critical vulnerability, tracked as CVE-2025-49826, has been discovered and addressed in the popular React-based web framework, Next.js. The flaw, present in versions >=15.1.0 and <15.1.8, allowed attackers to exploit a cache poisoning bug, potentially leading to a Denial of Service (DoS) condition for affected applications, as per a report by Vercel.…
-
Multiple PHP Vulnerabilities Enable SQLi and DoS Attacks, Update Now
in SecurityNews
Security researchers have disclosed two significant vulnerabilities in PHP, the popular server-side scripting language, that could allow attackers to launch SQL injection (SQLi) and Denial of Service (DoS) attacks. According to the report, administrators and developers are urged to update their PHP installations immediately to mitigate these risks.…
-
ModSecurity WAF Vulnerability Enables DoS Using Empty XML Elements
in SecurityNews
A newly disclosed vulnerability in ModSecurity, a widely used open-source web application firewall (WAF), exposes servers to denial-of-service (DoS) attacks by exploiting a flaw in the way the software parses empty XML elements. The flaw, registered as CVE-2025-52891, affects ModSecurity versions 2.9.8 to before 2.9.11 and is rated with a CVSS v3 base score of 6.5 (moderate severity). Vulnerability…
-
CVE-2025-5777, CVE-2025-6543: Frequently Asked Questions About CitrixBleed 2 and Citrix NetScaler Exploitation
in SecurityNews
Frequently asked questions about recent Citrix NetScaler ADC and Gateway vulnerabilities that have reportedly been exploited in the wild, including CVE-2025-5777, known as CitrixBleed 2. Background: Tenable’s Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding CVE-2025-5777 and CVE-2025-6543, two Citrix NetScaler ADC and Gateway vulnerabilities that have…
-
Frequently Asked Questions About Iranian Cyber Operations
in SecurityNews
Tenable’s Research Special Operations team focuses on some frequently asked questions about Iranian cyber operations, including the tactics, techniques and procedures employed by Iran-based threat actors. Background: Tenable’s Research Special Operations (RSO) team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding Iranian cyber operations in the wake of the recent conflict and…
-
Pre-Auth Flaw in MongoDB Server Allows Attackers to Cause DoS
in SecurityNews
A critical pre-authentication vulnerability (CVE-2025-6709) in MongoDB Server enables unauthenticated attackers to trigger denial-of-service (DoS) conditions by exploiting improper input validation in OIDC authentication. The flaw allows malicious actors to crash database servers by sending specially crafted JSON payloads containing specific date values, causing invariant failures and server crashes. This vulnerability affects MongoDB Server versions…
-
Citrix warns of NetScaler vulnerability exploited in DoS attacks
in SecurityNews
Citrix is warning that a vulnerability in NetScaler appliances tracked as CVE-2025-6543 is being actively exploited in the wild, causing devices to enter a denial of service condition. First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/citrix-warns-of-netscaler-vulnerability-exploited-in-dos-attacks/
-
Realtek Bluetooth Flaw Allows Attackers to Launch DoS Attacks During Pairing
in SecurityNews
A critical vulnerability in Realtek’s Bluetooth Low Energy (BLE) implementation enables attackers to launch denial-of-service (DoS) attacks during device pairing. The flaw (CVE-2024-48290) affects Realtek RTL8762E BLE SDK v1.4.0, allowing malicious actors to disrupt connections by exploiting protocol inconsistencies. Attackers can send a crafted ll_terminate_ind packet or inject premature pairing data, crashing the target device’s Bluetooth stack…
-
Cyber attack on the Ministry of Health and Social Welfare in Paraguay
in SecurityNews
New cyber attack on two state institutions. First seen on hoy.com.py. Jump to article: www.hoy.com.py/nacionales/2025/06/23/nuevo-ataque-cibernetico-a-dos-instituciones-del-estado
-
Cyber attack on a judicial authority in Paraguay
in SecurityNews
New cyber attack on two state institutions. First seen on hoy.com.py. Jump to article: www.hoy.com.py/nacionales/2025/06/23/nuevo-ataque-cibernetico-a-dos-instituciones-del-estado
-
CVE-2025-49763: Remote DoS via Memory Exhaustion in Apache Traffic Server via ESI Plugin
in SecurityNews
Remote attackers can trigger an avalanche of internal ESI requests, exhausting memory and causing denial-of-service in Apache Traffic Server. Executive Summary: Imperva’s Offensive Security Team discovered CVE-2025-49763, a high-severity vulnerability (CVSS v3.1 estimated score: 7.5) in Apache Traffic Server’s ESI plugin that enables unauthenticated attackers to exhaust memory and potentially crash proxy nodes. Given ATS’s…
-
Apache Tomcat Flaws Allow Auth Bypass and DoS Attacks
in SecurityNews
The Apache Software Foundation has released critical security updates to address four newly discovered vulnerabilities in Apache Tomcat, one of the world’s most widely used open-source Java servlet containers. These flaws, affecting Tomcat versions 9.0, 10.1, and 11.0, expose systems to denial-of-service (DoS) attacks, privilege escalation, installer abuse, and authentication bypass, prompting urgent calls for…
-
Unpatched Vulnerabilities Enable Takeover of GitLab Accounts
in SecurityNews
Experts warn of a new bug in GitLab. A new security vulnerability in GitLab’s Ultimate Enterprise Edition is, according to one expert, “dangerous” and must be patched quickly. The vulnerability, designated CVE-2025-5121, is one of ten that GitLab described on Wednesday when it published bug fixes and security updates for self-managed installations. “We strongly recommend that all…
-
Ransomware at a municipal administration in Brazil
in SecurityNews
After suffering a cyber attack, the municipality restores regular online services. First seen on chapadaodosul.ms.gov.br. Jump to article: www.chapadaodosul.ms.gov.br/portal/noticias/0/3/1234/apos-sofrer-ataque-cibernetico-prefeitura-retoma-a-regularidade-dos-servicos-online
-
PoC Exploit Released for Apache Tomcat DoS Vulnerability
in SecurityNews
A critical memory leak vulnerability in Apache Tomcat’s HTTP/2 implementation (CVE-2025-31650) has been weaponized, enabling unauthenticated denial-of-service attacks through malformed priority headers. The flaw affects Tomcat versions 9.0.76 to 9.0.102, 10.1.10 to 10.1.39, and 11.0.0-M2 to 11.0.5, with public exploits already circulating. Vulnerability Mechanics and Attack Vector: According to the report, the vulnerability stems from the improper cleanup of failed…
-
Wireshark Vulnerability Allows Attackers to Launch DoS Attacks
in SecurityNews
A critical security vulnerability, tracked as CVE-2025-5601, was disclosed on June 4, 2025, affecting Wireshark versions 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12. This flaw, identified as “Dissection engine crash”…
-
New Windows RAT Evades Detection for Weeks Using Corrupted DOS and PE Headers
in SecurityNews
Cybersecurity researchers have taken the wraps off an unusual cyber attack that leveraged malware with corrupted DOS and PE headers, according to new findings from Fortinet. The DOS (Disk Operating System) and PE (Portable Executable) headers are essential parts of a Windows PE file, providing information about the executable. While the DOS header makes the executable file…
-
Siemens SiPass Flaw Allows Remote Attackers to Cause DoS Conditions
in SecurityNews
Siemens has released a security advisory (SSA-041082) concerning a critical out-of-bounds read vulnerability, tracked as CVE-2022-31812, affecting all SiPass integrated versions before V2.95.3.18. The flaw, if exploited, could allow unauthenticated remote attackers to trigger a denial of service (DoS) condition, potentially disrupting access control operations for organizations relying on SiPass for physical security management. The…
-
Several GitLab Vulnerabilities Enable Attackers to Launch DoS Attacks
in SecurityNews
GitLab has issued critical security patches addressing 11 vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms, with three high-risk flaws enabling denial-of-service (DoS) attacks dominating the threat landscape. The coordinated release of versions 18.0.1, 17.11.3, and 17.10.7 comes as the DevOps platform confronts multiple attack vectors that could destabilize systems through resource…
-
PowerDNS Vulnerability Allows Attackers to Trigger DoS Attacks Through Malicious TCP Connections
in SecurityNews
PowerDNS has released a critical security update to address a vulnerability in its DNSdist load balancer that could allow remote attackers to trigger denial of service attacks without authentication. The issue, tracked as CVE-2025-30193, was patched in version 1.9.10, released on May 20, 2025. Security researchers warn that organizations using DNSdist should apply this update…
-
Apache ActiveMQ Vulnerability Allows Attackers to Induce DoS Condition
in SecurityNews
Critical vulnerability in Apache ActiveMQ (CVE-2024-XXXX) exposes brokers to denial-of-service (DoS) attacks by allowing malicious actors to exhaust system memory through specially crafted OpenWire commands. The flaw, tracked as AMQ-6596, affects multiple legacy versions of the widely used open-source messaging platform and has prompted urgent mitigation directives from the Apache Software Foundation. The vulnerability stems…
-
Cisco IOS Software SISF Vulnerability Could Enable Attackers to Launch DoS Attacks
in SecurityNews
Cisco has released security updates addressing a critical vulnerability in the Switch Integrated Security Features (SISF) of multiple software platforms that could allow unauthenticated attackers to cause denial of service (DoS) conditions. The vulnerability stems from incorrect handling of DHCPv6 packets and affects Cisco IOS Software, IOS XE Software, NX-OS Software, and Wireless LAN Controller…
-
React Router Vulnerabilities Allow Attackers to Spoof Content and Alter Values
in SecurityNews
The widely used React Router library, a critical navigation tool for React applications, has resolved two high-severity vulnerabilities (CVE-2025-43864 and CVE-2025-43865) that allowed attackers to spoof content, alter data values, and launch cache-poisoning attacks. Developers must update to react-router v7.5.2 immediately to mitigate risks. Key Vulnerabilities and Impacts: 1. CVE-2025-43864: DoS via SPA Mode Cache Poisoning. Attackers could…
-
Build your own antisocial writing rig with DOS and a $2 USB key
in SecurityNews
Reg hack pines for simpler times, then tries to recapture them. First seen on theregister.com. Jump to article: www.theregister.com/2025/04/26/dos_distraction_free_writing/
-
Redis DoS Flaw Allows Attackers to Crash Servers or Drain Memory
in SecurityNews
A high-severity denial-of-service (DoS) vulnerability in Redis, tracked as CVE-2025-21605, allows unauthenticated attackers to crash servers or exhaust system memory by exploiting improperly limited output buffers. The flaw affects Redis versions 2.6 and newer, with patches now available in updates 6.2.18, 7.2.8, and 7.4.3. How the Exploit Works: The vulnerability stems from Redis’s default configuration, which imposes no limits…
-
GitLab Releases Critical Patch for XSS, DoS, and Account Takeover Bugs
in SecurityNews
GitLab, a leading DevOps platform, has released a critical security patch impacting both its Community (CE) and Enterprise (EE) editions, urging all self-managed users to update immediately. The new versions, 17.11.1, 17.10.5, and 17.9.7, address several high and medium-severity vulnerabilities, including cross-site scripting (XSS), denial of service (DoS), and account takeover threats. GitLab emphasizes the…
-
Incomplete patching leaves Nvidia, Docker exposed to DoS attacks
in SecurityNews
Mitigations include restricting Docker access: CVE-2024-0132 first received a fix in September 2024, which did not fully patch the flaw and left a patch bypass issue tracked as CVE-2025-23359. Nvidia fixed the bypass in February, which Trend Micro believes to be lacking. The problem is that the fix, issued with the version 1.17.4 update, includes an…
-
Paragon Hard Disk Manager Flaw Enables Privilege Escalation and DoS Attacks
in SecurityNews
Paragon Software’s widely used Hard Disk Manager (HDM) product line has been found to contain five severe vulnerabilities in its kernel-level driver, BioNTdrv.sys, enabling attackers to escalate privileges to SYSTEM-level access or trigger denial-of-service (DoS) attacks. The flaws, now patched, were actively exploited in ransomware campaigns leveraging Microsoft-signed drivers, according to cybersecurity researchers. Overview of the Vulnerabilities: The…
-
PAN-OS DoS Vulnerability Allows Attackers to Force Repeated Firewall Reboots
in SecurityNews
A newly disclosed denial-of-service (DoS) vulnerability in Palo Alto Networks’ PAN-OS software enables attackers to force firewalls into repeated reboots using maliciously crafted packets. Tracked as CVE-2025-0128, the flaw impacts SCEP (Simple Certificate Enrollment Protocol) authentication and poses significant risks to unpatched systems. The vulnerability, CVE-2025-0128, enables unauthenticated attackers to disrupt network operations by sending a single…