ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Cisco Secure Firewall Snort 3 Detection Engine Vulnerability Enables DoS Attacks
Critical security flaw CVE-2025-20217 allows unauthenticated attackers to trigger denial-of-service conditions in Cisco’s widely deployed firewall systems Cisco has disclosed a high-severity vulnerability in its Secure F
Cisco Secure Firewall Vulnerability Allows Hackers to Inject Remote Shell Command Injection
Cisco has disclosed a critical security vulnerability in its Secure Firewall Management Center (FMC) Software that could allow unauthenticated attackers to execute arbitrary shell commands with high-level privileges remo
Pro-Russian hackers blamed for water dam sabotage in Norway
The Norwegian Police Security Service (PST) says that pro-Russian hackers took control of critical operation systems at a dam and opened outflow valves. [...]
Apache Tomcat Vulnerabilities Let Attackers Trigger Dos Attack
A critical security vulnerability in Apache Tomcat’s HTTP/2 implementation has been discovered, enabling attackers to launch devastating denial-of-service (DoS) attacks against web servers. The vulnerability, designated
Adobe’s August 2025 Patch Tuesday – 60 Vulnerabilities Patches Across Multiple Products
Adobe has released a comprehensive security update addressing 60 critical vulnerabilities across 13 of its flagship products as part of its August 2025 Patch Tuesday initiative. The massive security bulletin, published o
Xerox FreeFlow Core Vulnerability Let Remote Attackers Execute Malicious Code – PoC Released
Critical vulnerabilities in Xerox FreeFlow Core, a widely-used print orchestration platform, allow unauthenticated remote attackers to execute malicious code on vulnerable systems. The flaws, tracked as CVE-2025-8355 an
Critical WordPress Plugin Vulnerability Exposes 70,000+ Sites to RCE Attacks
A critical security vulnerability has been discovered in the popular “Database for Contact Form 7, WPforms, Elementor forms” WordPress plugin, potentially exposing over 70,000 websites to remote code execution attacks.
CISA Warns of N-able N-Central Deserialization and Injection Vulnerability Exploited in Attacks
CISA has issued urgent warnings regarding two critical security vulnerabilities in N-able N-Central remote monitoring and management (RMM) software that threat actors are actively exploiting. The vulnerabilities, identi
Zoom patches critical Windows flaw allowing privilege escalation
Zoom fixed a critical Windows client flaw (CVE-2025-49457, CVSS 9.6) involving an untrusted search path that could enable privilege escalation. Cloud-based video conferencing and online collaboration platform Zoom addres
What Is Out-of-Bounds Read and Write Vulnerability?
Out-of-bounds read and write vulnerabilities represent critical security vulnerabilities that occur when software accesses memory locations beyond the allocated boundaries of data structures such as arrays, buffers, or o
Microsoft Exchange Server Vulnerabilities Let Attackers Spoof and Tamper Over Network
Critical security vulnerabilities in Microsoft Exchange Server enable attackers to perform spoofing and tampering attacks over network connections. The vulnerabilities include two Exchange Server flaws (CVE-2025-25007 a
GitHub Copilot RCE Vulnerability via Prompt Injection Leads to Full System Compromise
A critical security vulnerability in GitHub Copilot and Visual Studio Code has been discovered that allows attackers to achieve remote code execution through prompt injection attacks, potentially leading to full system c
Multiple GitLab Vulnerabilities Enables Account Takeover and Stored XSS Exploitation
GitLab has released emergency security patches addressing multiple critical vulnerabilities that could enable attackers to perform account takeovers and execute stored cross-site scripting (XSS) attacks. The patches wer
CISA Added WinRaR Zero-Day (CVE-2025-8088) Vulnerability That is Actively Exploited In the Wild
The U.S. Cybersecurity and Infrastructure Security Agency has added this vulnerability to its Known Exploited Vulnerabilities catalog, with a due date of September 2, 2025, for federal agencies to apply mitigations. WinR
Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild
Fortinet is warning about a remote unauthenticated command injection flaw in FortiSIEM that has in-the-wild exploit code, making it critical for admins to apply the latest security updates. [...]
Critical FortiSIEM flaw under active exploitation, Fortinet warns
Fortinet warns of a critical FortiSIEM vulnerability, tracked as CVE-2025-25256, that is actively exploited in attacks in the wild. Fortinet warns customers of a critical vulnerability, tracked as CVE-2025-25256 (CVSS sc
New ‘Curly COMrades’ APT Hackers Attacking Targeting Critical Organizations in Countries
A sophisticated new threat actor group dubbed “Curly COMrades” has emerged as a significant cybersecurity concern, conducting targeted espionage campaigns against critical organizations in countries experiencing substant
Hackers Could Gain Full Control of Your Rooted Android Devices by Exploiting One Vulnerability
A critical security vulnerability discovered in popular Android rooting frameworks could allow malicious applications to completely compromise rooted devices, giving attackers full system control without user knowledge.
Microsoft Office Vulnerabilities Let Attackers Execute Malicious Code Remotely
Microsoft released critical security updates, addressing three serious vulnerabilities in Microsoft Office that could allow attackers to execute remote code on affected systems. The vulnerabilities, tracked as CVE-2025-
FortiWeb Authentication Bypass Vulnerability Let Attackers Log in As Any Existing User
A critical authentication bypass vulnerability in FortiWeb allows unauthenticated remote attackers to impersonate any existing user on affected systems. The vulnerability, tracked as CVE-2025-52970 with a CVSS score of