Tag: flaw
-
Bubble.io 0-Day Flaw Lets Attackers Run Arbitrary Queries on Elasticsearch
by
in SecurityNewsA vulnerability in Bubble.io, a leading no-code development platform, has exposed thousands of applications to data breaches. The flaw allows attackers to bypass security controls and execute arbitrary queries on Elasticsearch databases, potentially compromising sensitive user information. Security researchers reverse-engineered Bubble.io’s JavaScript code and HTTP headers to uncover flaws in how the platform encrypts and…
-
CISA Issues Alert on Actively Exploited Apple 0-Day Vulnerabilities
by
in SecurityNews
Tags: apple, cisa, cyber, cybersecurity, exploit, flaw, infrastructure, macOS, ransomware, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority warning regarding two critical zero-day vulnerabilities impacting a wide range of Apple devices. The flaws, which impact the latest versions of iOS, iPadOS, macOS, and other Apple products, are believed to be actively exploited in the wild, though connections to ransomware campaigns remain unconfirmed.…
-
PoC Released for Critical Erlang/OTP SSH RCE Vulnerability
by
in SecurityNewsSecurity teams across industries are urgently patching systems following the public release of a proof-of-concept (PoC) exploit for a newly disclosed critical remote code execution (RCE) vulnerability in Erlang/OTP’s SSH implementation. The flaw, tracked as CVE-2025-32433 and assigned a maximum CVSS score of 10.0, enables unauthenticated attackers to execute arbitrary code, potentially taking complete control of affected systems.…
-
What is Vulnerability Exposure Management?
by
in SecurityNewsThe digital world is crumbling, and conventional vulnerability management alone is not enough to defend your organization against the unannounced cyber threats. Identifying the flaws present within your organizational platforms and patching them is a golden rule of protection. However, what about those vulnerabilities that interact with the broader attack surface? Thus, the need for……
-
CVE-2025-24054 Under Active Attack”, Steals NTLM Credentials on File Download
by
in SecurityNews
Tags: credentials, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, ntlm, technology, vulnerability, windowsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a medium-severity security flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.The vulnerability, assigned the CVE identifier CVE-2025-24054 (CVSS score: 6.5), is a Windows New Technology LAN Manager (NTLM) hash disclosure First seen on…
-
Windows NTLM hash leak flaw exploited in phishing attacks on governments
by
in SecurityNewsA Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/windows-ntlm-hash-leak-flaw-exploited-in-phishing-attacks-on-governments/
-
Older SonicWall SMA100 vulnerability exploited in the wild
by
in SecurityNewsCISA added the high-severity flaw, initially disclosed in 2021, to its known exploited vulnerabilities catalog this week. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/sonicwall-sma100-vulnerability-exploited/745637/
-
Hackers target Apple users in an ‘extremely sophisticated attack’
Flaws patched across the board: According to the NVD description, Apple issued a fix for all impacted operating systems. Patched Apple OS rollouts include tvOS 18.4.1, visionOS 2.4.1, iOS 18.4.1, iPadOS 18.4.1, and macOS Sequoia 15.4.1.Specific iPhones and iPads that shall be receiving the patch include iPhone XS and later, iPad Pro 13-inch, iPad Pro…
-
Critical Erlang/OTP SSH Vulnerability Allow Hackers Execute Arbitrary Code Remotely
by
in SecurityNewsA major security flaw has been uncovered in the widely used Erlang/OTP SSH implementation, drawing urgent attention from the cybersecurity community worldwide. The vulnerability, tracked as CVE-2025-32433, exposes systems to unauthenticated remote code execution, potentially allowing hackers to fully compromise affected servers with ease. Overview of the vulnerability The vulnerability was discovered by a research team…
-
Apple released emergency updates for actively exploited flaws
by
in SecurityNewsApple released emergency updates to fix iOS, iPadOS & macOS vulnerabilities actively exploited in sophisticated attacks. Apple released out”‘of”‘band security updates to address two vulnerabilities, tracked as CVE-2025-31200 and CVE-2025-31201, impacting iOS, iPadOS & macOS. The company confirmed that the flaws have been exploited in a small number of “extremely sophisticated” attacks against iOS targets.…
-
U.S. CISA adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a SonicWall SMA100 Appliance flaw, tracked as CVE-2021-20035, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is an OS Command Injection Vulnerability in the SMA100 management interface. A…
-
CISA tags SonicWall VPN flaw as actively exploited in attacks
by
in SecurityNewsOn Wednesday, CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-tags-sonicwall-vpn-flaw-as-actively-exploited-in-attacks/
-
Critical Flaw in PHP’s extract() Function Enables Arbitrary Code Execution
by
in SecurityNewsA critical vulnerability in PHP’sextract()function has been uncovered, enabling attackers to execute arbitrary code by exploiting memory corruption flaws. The issue affects PHP versions 5.x, 7.x, and 8.x, allowing malicious actors to trigger double-free (PHP 5.x) or use-after-free (PHP 7.x/8.x) conditions, ultimately leading to remote code execution (RCE). Technical Breakdown According to the SSD report, the flaw stems from…
-
CVE-2025-31200: Apple Patches Two Actively Exploited Zero-Days
by
in SecurityNewsApple has rolled out critical security updates across its ecosystem, including iOS, iPadOS, macOS Sequoia, tvOS, and visionOS, to address two newly discovered zero-day vulnerabilities that are currently being exploited in real-world attacks. Two Actively Exploited Zero-Day Flaws Patched The… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2025-31200-zero-days-apple/
-
CISA Issues Alert on SonicWall Flaw Being Actively Exploited
by
in SecurityNewsThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert after confirming active exploitation of a SonicWall vulnerability. The flaw, documented as CVE-2021-20035, targets SonicWall’s SMA100 series appliances and has been added to CISA’s Known Exploited Vulnerabilities Catalog. Overview of the Vulnerability This particular vulnerability lies within the SonicWall Secure Mobile Access (SMA)…
-
Cisco Webex Vulnerability Lets Hackers Execute Code Through Malicious Meeting Links
by
in SecurityNewsCisco has disclosed a high-severity vulnerability in its widely used Webex App, warning users that attackers could exploit the flaw to execute arbitrary code on targeted computers. Tracked as CVE-2025-20236, the vulnerability arises from improper input validation in the app’s custom URL parser, exposing users to remote code execution simply by clicking a specially crafted meeting…
-
CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices
by
in SecurityNews
Tags: access, cisa, cve, cybersecurity, exploit, flaw, infrastructure, injection, kev, mobile, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection First seen…
-
Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks
by
in SecurityNewsApple on Wednesday released security updates for iOS, iPadOS, macOS Sequoia, tvOS, and visionOS to address two security flaws that it said have come under active exploitation in the wild.The vulnerabilities in question are listed below -CVE-2025-31200 (CVSS score: 7.5) – A memory corruption vulnerability in the Core Audio framework that could allow code execution…
-
Multiple Groups Exploit NTLM Flaw in Microsoft Windows
by
in SecurityNewsThe attacks have been going on since shortly after Microsoft patched the vulnerability in March. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/multiple-group-exploiting-ntlm-flaw
-
Windows NTLM Vulnerability (CVE-2025-24054) Actively Exploit in the Wild to Hack Systems
by
in SecurityNewsA critical vulnerability in Microsoft Windows, identified as CVE-2025-24054, has been actively exploited in the wild since March 19, 2025, targets organizations worldwide. The flaw, which enables NTLM hash disclosure through spoofing, allows attackers to harvest sensitive user credentials with minimal interaction, potentially leading to privilege escalation and full network compromise. Despite Microsoft releasing a…
-
Experts Uncover Four New Privilege Escalation Flaws in Windows Task Scheduler
by
in SecurityNewsCybersecurity researchers have detailed four different vulnerabilities in a core component of the Windows task scheduling service that could be exploited by local attackers to achieve privilege escalation and erase logs to cover up evidence of malicious activities.The issues have been uncovered in a binary named “schtasks.exe,” which enables an administrator to create, delete, query,…
-
Patch Now: NVDIA Flaws Expose AI Models, Critical Infrastructure
by
in SecurityNewsA fix for a critical flaw in a tool allowing organizations to run GPU-accelerated containers released last year did not fully mitigate the issue, spurring the need to patch a secondary flaw to protect organizations that rely on NVIDIA processors for AI workloads. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/buggy-nvdia-patch-exposes-ai-models-critical-infrastructure
-
CVE program averts swift end after CISA executes 11-month contract extension
by
in SecurityNews
Tags: china, cisa, computer, cve, cyber, cybersecurity, data, defense, detection, endpoint, flaw, framework, government, infrastructure, intelligence, linkedin, mitre, nist, nvd, russia, service, software, technology, threat, update, vulnerability, vulnerability-managementImportant update April 16, 2025: Since this story was first published, CISA signed a contract extension that averts a shutdown of the MITRE CVE program.A CISA spokesperson sent CSO a statement saying, “The CVE Program is invaluable to cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure…
-
Cloud, Cryptography Flaws in Mobile Apps Leak Enterprise Data
by
in SecurityNewsCloud misconfigurations and cryptography flaws plague some of the top apps used in work environments, exposing organizations to risk and intrusion. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/cloud-cryptography-flaws-mobile-apps-expose-enterprise-data
-
SquareX to Uncover Data Splicing Attacks at BSides San Francisco, A Major DLP Flaw that Compromises Data Security of Millions
by
in SecurityNewsPalo Alto, California, 16th April 2025, CyberNewsWire First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/squarex-to-uncover-data-splicing-attacks-at-bsides-san-francisco-a-major-dlp-flaw-that-compromises-data-security-of-millions/
-
Firefox Fixes High-Severity Vulnerability Causing Memory Corruption via Race Condition
by
in SecurityNewsMozilla has released Firefox 137.0.2, addressing a high-severity security flaw that could potentially allow attackers to exploit memory corruption. The fix comes following the discovery and reporting of the vulnerability by the Mozilla Fuzzing Team, as detailed in Mozilla Foundation Security Advisory 2025-25. Details of the Vulnerability The patched vulnerability, CVE-2025-3608, was found in the nsHttpTransaction component of…
-
Tails 6.14.2 Released with Critical Fixes for Linux Kernel Vulnerabilities
by
in SecurityNewsThe Tails Project has urgently releasedTails 6.14.2, addressing critical security vulnerabilities in the Linux kernel and the Perl programming language. This emergency release is vital for users who rely on Tails’ security and privacy features, following the discovery of multiple flaws that could compromise system safety. Critical Security Vulnerabilities Addressed The most significant updates in…