Tag: vulnerability
-
Critical CVSS 9.8 Flaw Found in IBM API Connect Authentication System
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw. “IBM API Connect could allow a…
-
Critical vulnerability in IBM API Connect could allow authentication bypass
Tags: api, authentication, control, exploit, flaw, governance, ibm, mitigation, monitoring, radius, resilience, service, software, update, vmware, vulnerability
Interim fixes provided: IBM said that the issue was discovered during internal testing, and it has provided interim fixes for each affected version of the software, with individual update details for VMware, OCP/CP4I, and Kubernetes. The only mitigation suggested for the flaw, according to IBM’s security bulletin, is this: “Customers unable to install the interim fix…
-
Apache StreamPipes Flaw Lets Anyone Become Admin
A critical Apache StreamPipes vulnerability lets users hijack admin accounts via broken authentication. The post Apache StreamPipes Flaw Lets Anyone Become Admin appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apache-streampipes-flaw-lets-anyone-become-admin/
-
NeuroSploit v2 Launches as AI-Powered Penetration Testing Framework
Tags: ai, automation, cyber, framework, intelligence, penetration-testing, technology, threat, vulnerability
NeuroSploit v2 is an advanced AI-powered penetration testing framework designed to automate and enhance offensive security operations. Leveraging cutting-edge large language model (LLM) technology, the framework brings automation to vulnerability assessment, threat simulation, and security analysis workflows. NeuroSploit v2 represents a significant evolution in how organizations approach penetration testing by combining artificial intelligence with established…
-
Malicious Manipulation of LLMs for Scalable Vulnerability Exploitation
A groundbreaking study from researchers at the University of Luxembourg reveals a critical security paradigm shift: large language models (LLMs) are being weaponized to automatically generate functional exploits from public vulnerability disclosures, effectively transforming novice attackers into capable threat actors. The research demonstrates that threat actors no longer need deep technical expertise to compromise enterprise…
-
Critical Apache StreamPipes Flaw Allows Attackers to Take Over Admin Accounts
Apache StreamPipes has released an urgent security advisory addressing CVE-2025-47411, a critical privilege escalation vulnerability affecting versions 0.69.0 through 0.97.0. The flaw allows attackers with legitimate non-administrator accounts to exploit the user ID creation mechanism and hijack administrator credentials, gaining full control over the streaming data platform. The Vulnerability The vulnerability stems from improper handling…
-
Singapore CSA warns of maximum severity SmarterMail RCE flaw
Singapore’s CSA warns of CVE-2025-52691, a critical SmarterMail flaw enabling unauthenticated remote code execution via arbitrary file upload. The Cyber Security Agency of Singapore (CSA) warns of a maximum severity flaw, tracked as CVE-2025-52691 (CVSS score of 10.0), in SmarterMail. The vulnerability enables unauthenticated remote code execution via arbitrary file upload. “Successful exploitation of the…
-
IBM Warns of Critical API Connect Bug Allowing Remote Authentication Bypass
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application. The vulnerability, tracked as CVE-2025-13915, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an authentication bypass flaw. “IBM API Connect could allow a…
-
IBM warns of critical API Connect auth bypass vulnerability
IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ibm-warns-of-critical-api-connect-auth-bypass-vulnerability/
-
MongoBleed (CVE-2025-14847): the US, China, and the EU are among the top exploited GEOs
MongoBleed (CVE-2025-14847) lets attackers remotely leak memory from unpatched MongoDB servers using zlib compression, without authentication. A critical vulnerability, CVE-2025-14847 (MongoBleed), was disclosed right after Christmas, an unwelcome “gift” for the cybersecurity community, impacting MongoDB Server deployments that use zlib network compression. MongoDB is a popular open-source NoSQL database used to store and manage data…
-
Singapore CSA Warns of Critical SmarterMail Flaw Enabling Unauthenticated Remote Code Execution
The Cyber Security Agency of Singapore (CSA) has issued a high-priority alert warning organizations and system administrators about a critical security vulnerability affecting SmarterMail, an enterprise email and collaboration platform developed by SmarterTools. The flaw, tracked as CVE-2025-52691, carries the highest possible severity rating and could allow attackers to execute arbitrary code remotely without authentication. First seen on…
-
Why Passwordless Fails
Introducing passwordless authentication in the enterprise is easy only on paper. Quite a few enterprise CISOs have been trying for more than a decade to leave passwords behind. But because various legacy systems are designed exclusively around passwords, they keep running into technical hurdles. This is also reflected in the current “ID IQ Report 2026” from RSA (download in exchange for contact data)…
-
How to Run a Post-Incident Review
Post-incident reviews can help draw the right lessons from security incidents, provided they are set up correctly. Suppose your company is attacked by cybercriminals but gets away with a black eye, because the attack was detected late but still in time and repelled without major business impact. Simply carrying on as before now and…
-
Apple’s App Store Source Map Leak: A Preventable Vulnerability We Found in 70% of Organizations
Apple’s App Store source map leak shows a preventable risk we found in 70% of organizations shipping production web apps. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/apples-app-store-source-map-leak-a-preventable-vulnerability-we-found-in-70-of-organizations/
-
Zero-day vulnerabilities: what they are and how to respond
Zero-day vulnerabilities often attract attention and concern because of their unpredictability. They are, by definition, weaknesses that are unknown to software vendors and therefore have no official fix at the point of discovery. When discovered and exploited by malicious actors, they allow attackers to bypass controls before organisations even realise there is a problem. The…
-
CISA Alerts on Active Exploitation of MongoDB Vulnerability CVE-2025-14847
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning about the active exploitation of CVE-2025-14847, a severe vulnerability affecting MongoDB and MongoDB Server. The flaw was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on December 29, 2025, signaling that threat actors are actively targeting this security weakness in real-world attacks.…
-
Hackers Abuse Copilot Studio’s New Connected Agents Feature to Plant Backdoors
Microsoft’s latest innovation may have opened the door to sophisticated cyberattacks. At Build 2025, the company introduced “Connected Agents,…
-
CSA Issues Alert on Critical SmarterMail Bug Allowing Remote Code Execution
The Cyber Security Agency of Singapore (CSA) has issued a bulletin warning of a maximum-severity security flaw in SmarterTools SmarterMail email software that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2025-52691, carries a CVSS score of 10.0. It relates to a case of arbitrary file upload that could enable code execution…
-
Critical SmarterMail Flaw Allows Attackers to Execute Remote Code
SmarterTools has issued an urgent security advisory regarding a critical vulnerability in its widely used SmarterMail software. The flaw, which carries the highest possible severity score, could allow unauthenticated attackers to completely take over affected mail servers. The vulnerability, tracked as CVE-2025-52691, has been assigned a CVSS v3.1 score of 10.0, indicating maximum severity. It affects SmarterMail…
-
Critical IBM API Connect Flaw Allows Attackers to Bypass Authentication
IBM has disclosed a critical authentication bypass vulnerability affecting its API Connect platform, assigning it a maximum CVSS severity score of 9.8. The flaw, tracked as CVE-2025-13915, represents a primary authentication weakness (CWE-305) that requires no user interaction or special privileges to exploit. The vulnerability impacts IBM API Connect versions 10.0.8.0 through 10.0.8.5 and version…
-
75,000 MongoDBs Exposed as Attackers Exploit ‘MongoBleed’
Tags: data, data-breach, exploit, flaw, group, Internet, mitigation, ransomware, risk, software, vulnerability
Patches Issued for MongoBleed as Ransomware Groups Target Flaw to Steal Data. Tens of thousands of internet-exposed MongoDB databases are at risk as attackers actively target a critical vulnerability in the software to steal sensitive data, with ransomware groups having joined the fray, researchers warn. MongoDB has issued patches and mitigation advice. First seen on…
-
When One Vulnerability Breaks the Internet and Millions of Devices Join In
The final weeks of 2025 did not arrive quietly. A single software flaw rippled across the internet, healthcare providers disclosed deeply personal data exposures, and millions of everyday devices quietly joined large-scale attacks. As we step into 2026, the ColorTokens Threat Advisory brief captures the operating conditions security teams are already living in, where breaches are assumed, exploitation is fast,…
-
React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web
What the research quickly agreed on: Across early reports from Wiz, Palo Alto Networks’ Unit 42, Google AWS, and others, there was a strong alignment on the core mechanics of React2Shell. Researchers independently confirmed that the flaw lives inside React’s server-side rendering pipeline and stems from unsafe deserialization in the protocol used to transmit component…
-
Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks
Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-factor authentication (2FA) when targeting vulnerable FortiGate firewalls. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fortinet-warns-of-5-year-old-fortios-2fa-bypass-still-exploited-in-attacks/