exploit

May 27, 2025

Threat Actors Use Fake DocuSign Notifications to Steal Corporate Data

DocuSign has emerged as a cornerstone for over 1.6 million customers worldwide, including 95% of Fortune 500 companies, and boasts…
Read More »
May 27, 2025

Mozilla Quickly Fixes Firefox Vulnerabilities from Pwn2Own 2025 with Urgent Patches

At this year’s Pwn2Own Berlin, security researchers successfully demonstrated two new zero-day exploits against Mozilla Firefox, targeting the browser’s content…
Read More »
May 26, 2025

Meteobridge web interface Vulnerability Let Attackers Inject Commands Remotely

ONEKEY Research Lab has uncovered a severe command injection vulnerability in the MeteoBridge firmware, a compact device designed to connect…
Read More »
May 26, 2025

Severe vBulletin Flaw Allows Remote Code Execution by Attackers

A newly discovered vulnerability in vBulletin, one of the world’s most popular commercial forum platforms, has highlighted the dangers of…
Read More »
May 24, 2025

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager Mobile (EPMM) version 12.5.0.0 and earlier.…
Read More »
May 24, 2025

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code execution (RCE) access to Burger King…
Read More »
May 23, 2025

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to disrupt DNS infrastructure, manipulate Non-Human Identity…
Read More »
May 23, 2025

Russian Hackers Exploit Oracle Cloud Infrastructure to Target Scaleway Object Storage

Russian threat actors have been leveraging trusted cloud infrastructure platforms like Oracle Cloud Infrastructure (OCI) Object Storage and Scaleway Object…
Read More »
May 22, 2025

Versa Concerto 0-Day Flaw Enables Remote Code Execution by Bypassing Authentication

Security researchers have uncovered multiple critical vulnerabilities in Versa Concerto, a widely deployed network security and SD-WAN orchestration platform used…
Read More »
May 21, 2025

Hackers Target Mobile Users Using PWA JavaScript to Bypass Browser Security

A sophisticated new injection campaign has been uncovered, targeting mobile users through malicious third-party JavaScript to deliver a Chinese adult-content…
Read More »
May 20, 2025

DPRK IT Workers Impersonate Polish and US Nationals to Secure Full-Stack Developer Positions

A alarming cybersecurity report by Nisos has uncovered a sophisticated employment scam network potentially affiliated with the Democratic People’s Republic…
Read More »
May 19, 2025

Hackers Exploit AutoIT Scripts to Deploy Malware Targeting Windows Systems

Cybersecurity researchers have unearthed a sophisticated attack leveraging AutoIT, a long-standing scripting language known for its deep integration with Windows…
Read More »
May 19, 2025

Hackers Exploit RVTools to Deploy Bumblebee Malware on Windows Systems

A reliable VMware environment reporting tool, RVTools, was momentarily infiltrated earlier this week on May 13, 2025, to disseminate the…
Read More »
May 19, 2025

Cybercriminal Andrei Tarasov Escapes US Extradition, Returns to Russia

Andrei Vladimirovich Tarasov, a 33-year-old Russian cybercrime figure known online as “Aels,” has returned to Russia after evading US extradition.…
Read More »
May 17, 2025

VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering critical vulnerabilities across major enterprise platforms…
Read More »
May 16, 2025

Jenkins Released Security Updates – Multiple Vulnerabilities Fixed That Allow Attackers to Exploit CI/CD Pipelines

Jenkins, the widely used automation server for CI/CD pipelines, has released a critical security advisory addressing several vulnerabilities in popular…
Read More »
May 14, 2025

Threat Actors Leverage Weaponized HTML Files to Deliver Horabot Malware

A recent discovery by FortiGuard Labs has unveiled a cunning phishing campaign orchestrated by threat actors deploying Horabot malware, predominantly…
Read More »
May 14, 2025

Weaponized PyPI Package Targets Developers to Steal Source Code

Security researchers at RL have discovered a malicious Python package called “solana-token” on PyPI that is intended to prey on…
Read More »
May 13, 2025

Lumma Stealer Upgraded with PowerShell Tools and Advanced Evasion Techniques

Sophos Managed Detection and Response (MDR) in September 2024, the notorious Lumma Stealer malware has evolved with sophisticated PowerShell tools…
Read More »
May 12, 2025

Metasploit Update Adds Erlang/OTP SSH Exploit and OPNSense Scanner

The open-source penetration testing toolkit Metasploit has unveiled a major update, introducing four new modules, including a highly anticipated exploit…
Read More »

Previous page Next page