ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
WinRAR 0-Day Vulnerabilities Exploited in Wild by Hackers – Detailed Case Study
The cybersecurity landscape has been significantly impacted by the discovery and active exploitation of two critical zero-day vulnerabilities in WinRAR, one of the world’s most widely used file compression utilities. CV
French Retailer Auchan Cyberattack – Thousands of Customers Personal Data Exposed
Major French retail chain Auchan announced on August 21, 2025, that it suffered a significant cybersecurity incident resulting in the unauthorized access and theft of personal data from “several hundred thousand” custome
CISA Warns of Citrix RCE and Privilege Escalation Vulnerabilities Exploited in Attacks
CISA has issued a critical alert regarding three newly identified vulnerabilities being actively exploited by threat actors. On August 25, 2025, CISA added these high-risk Common Vulnerabilities and Exposures (CVEs) to i
Docker fixes critical Desktop flaw allowing container escapes
Docker fixed a critical flaw in the Docker Desktop app for Windows and macOS that could potentially allow an attacker to escape the confines of a container. Docker fixed a critical vulnerability, tracked as CVE-2025-9074
Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3
Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to break out of the confines of a container. The vulnerability
Critical Docker Desktop flaw lets attackers hijack Windows hosts
A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced Container Isolation (ECI) protection is active. [...]
0-Click Zendesk Account Takeover Vulnerability Enables Access to all Zendesk Tickets
A critical security vulnerability has been discovered in Zendesk’s Android SDK implementation that allows attackers to perform mass account takeovers without any user interaction. The flaw, which earned a $3,000 bug bou
Multiple vtenext Vulnerabilities Let Attackers Bypass Authentication and Execute Remote Codes
A comprehensive security analysis of vtenext CRM version 25.02 has revealed multiple critical vulnerabilities that allow unauthenticated attackers to bypass authentication mechanisms through three distinct attack vectors
Arch Linux Confirms Week-Long DDoS Attack Disrupted its Website, Repository, and Forums
The Arch Linux Project has officially confirmed that its primary infrastructure services have been subjected to an ongoing distributed denial-of-service (DDoS) attack that has persisted for over a week. The attack severe
EDR vs MDR – What is the Difference and Which Solution Right for Your Organization?
As cybersecurity threats continue to evolve in complexity and sophistication, organizations face critical decisions about their security infrastructure. Two prominent approaches have emerged as frontrunners in enterprise
Critical Tableau Server Vulnerability Let Attackers Upload Malicious Files
A critical security flaw in Tableau Server could enable attackers to upload and execute malicious files, potentially leading to complete system compromise. The vulnerability, tracked as CVE-2025-26496 with a CVSS score
PoC Exploit & Vulnerability Analysis Released for Apple 0-Day RCE Vulnerability
A detailed proof-of-concept exploit and comprehensive vulnerability analysis have been released for CVE-2025-43300, a critical zero-click remote code execution flaw affecting Apple’s image processing infrastructure. The
CVE-2025-54988
Currently trending CVE - Hype Score: 2 - Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection
CISA Warns of Apple iOS, iPadOS, and macOS 0-day Vulnerability Exploited in Attacks
CISA has issued an urgent warning regarding a critical zero-day vulnerability affecting Apple’s iOS, iPadOS, and macOS operating systems that threat actors are actively exploiting. The vulnerability, tracked as CVE-2025
Azure’s Default API Connection Vulnerability Enables Full Cross-Tenant Compromise
A critical vulnerability in Microsoft Azure’s API Connection infrastructure enabled attackers to compromise resources across different Azure tenants worldwide. The flaw, which earned Gulbrandsrud a $40,000 bounty and a
ChatGPT-5 Downgrade Attack Let Hackers Bypass AI Security With Just a Few Words
A critical vulnerability in OpenAI’s latest flagship model, ChatGPT-5, allows attackers to sidestep its advanced safety features using simple phrases. The flaw, dubbed “PROMISQROUTE” by researchers at Adversa AI, exploit
Moscow exploiting seven-year-old Cisco flaw, says FBI
<p>Threat actors linked to the Russian government are falling back on a seven-year-old vulnerability in Cisco equipment that was <a href="https://www.darkreading.com/perimeter/attackers-exploit-cisco-switch-issue-as-vend
Threat Actors Gaining Access to Victims’ Machines and Monetizing Access to Their Bandwidth
A stealthy campaign emerged in early March 2025 that capitalized on a critical remote code execution flaw in GeoServer (CVE-2024-36401) to compromise publicly exposed geospatial servers. Attackers exploited JXPath query
New QUIC-LEAK Vulnerability Let Attackers Exhaust Server Memory and Trigger DoS Attack
A critical pre-handshake vulnerability in the LSQUIC QUIC implementation that allows remote attackers to crash servers through memory exhaustion attacks. The vulnerability, designated CVE-2025-54939 and dubbed “QUIC-LEA
FBI warns of Russian hackers exploiting 7-year-old Cisco flaw
The Federal Bureau of Investigation (FBI) has warned that hackers linked to Russia's Federal Security Service (FSB) are targeting critical infrastructure organizations in attacks exploiting a 7-year-old vulnerability in