ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
CISA orders fed agencies to patch new Exchange flaw by Monday
CISA has issued an emergency directive ordering all Federal Civilian Executive Branch (FCEB) agencies to mitigate a critical Microsoft Exchange hybrid vulnerability tracked as CVE-2025-53786 by Monday morning at 9:00 AM
CISA, Microsoft warn of critical Exchange hybrid flaw CVE-2025-53786
CISA and Microsoft warn of CVE-2025-53786, a high-severity Exchange flaw allowing privilege escalation in hybrid cloud environments. CISA and Microsoft warn of a high-severity flaw, tracked as CVE-2025-53786, in Exchange
IRGC Hacker Groups Attacking Targeted Financial, Government, and Media Organizations
During the 12-day conflict between Israel and Iran in June 2025, a sophisticated network of Iranian-linked cyber threat actors launched coordinated digital operations against critical infrastructure sectors worldwide. Th
New Active Directory Lateral Movement Techniques that Bypasses Authentication and Exfiltrate Data
Sophisticated attack vectors unveiled that exploit hybrid Active Directory and Microsoft Entra ID environments, demonstrating how attackers can achieve complete tenant compromise through previously unknown lateral moveme
10 Best Data Loss Prevention Software in 2025
Data Loss Prevention (DLP) software is a critical cybersecurity solution designed to protect sensitive data from leaving an organization’s network. In an era where data is a company’s most valuable asset, and regulatory
HashiCorp Vault 0-Day Vulnerabilities Let Attackers Execute Remote Code
Security researchers uncovered a series of critical zero-day vulnerabilities in HashiCorp Vault in early August 2025, the widely adopted secrets management solution. These flaws, spanning authentication bypasses, policy
HTTP/1.1 Fatal Vulnerability Exposes Millions of Websites to Hostile Takeover
A critical vulnerability in the HTTP/1.1 protocol threatens tens of millions of websites with potential hostile takeovers through sophisticated desynchronization attacks. This fundamental flaw in the decades-old protoco
Over 100 Dell models exposed to critical ControlVault3 firmware bugs
ReVault flaws in Dell ControlVault3 firmware allow firmware implants and Windows login bypass on 100+ laptop models via physical access. Cisco Talos reported five vulnerabilities collectively named ReVault (tracked as CV
New Microsoft Exchange Server Vulnerability Enables Attackers to Gain Admin Privileges
A critical security vulnerability in Microsoft Exchange Server hybrid deployments has been disclosed, allowing attackers with on-premises administrative access to escalate privileges to cloud environments without easily
Trend Micro fixes two actively exploited Apex One RCE flaws
Trend Micro patched two critical Apex One flaws (CVE-2025-54948, CVE-2025-54987) exploited in the wild, allowing RCE via console injection. Trend Micro released fixes for two critical vulnerabilities, tracked as CVE-2025
Rockwell Arena Simulation Vulnerabilities Let Attackers Execute Malicious Code Remotely
Rockwell Automation has disclosed three critical memory corruption vulnerabilities in its Arena® Simulation software that could allow threat actors to execute arbitrary code remotely on affected systems. The security fl
NCSC updates CNI Cyber Assessment Framework
<p>The UK’s National Cyber Security Centre (NCSC) has rolled out a series of updates to its <a href="https://www.ncsc.gov.uk/collection/cyber-assessment-framework/" target="_blank" rel="noopener">Cyber Assessment Framewo
Chinese Hackers Exploit SharePoint Vulnerabilities to Deploy Toolsets Includes Backdoor, Ransomware and Loaders
A sophisticated Chinese threat actor has been exploiting critical vulnerabilities in Microsoft SharePoint to deploy an advanced malware toolset dubbed “Project AK47,” according to new research published by Palo Alto Netw
Adobe AEM Forms 0-Day Vulnerability Let Attackers Execute Arbitrary Code
Adobe has released an urgent security update for Adobe Experience Manager Forms on Java Enterprise Edition (JEE) to address two critical zero-day vulnerabilities that could allow attackers to execute arbitrary code and p
Scattered Spider Threat Actor Profile – New Tactics, Techniques, Procedures and IoCs
Scattered Spider, one of the most sophisticated and persistent cybercriminal groups active today, has focused on their evolution from basic phishing operations to complex multi-stage ransomware campaigns targeting critic
Critical Trend Micro Apex One Management RCE Vulnerability Actively Exploited in the wild
Critical command injection remote code execution (RCE) vulnerabilities in Trend Micro Apex One Management Console are currently being actively exploited by threat actors. The company confirmed observing at least one ins
CISA Releases Two Advisories Covering Vulnerabilities, and Exploits Surrounding ICS
CISA released two urgent Industrial Control Systems (ICS) advisories on August 5, 2025, addressing significant security vulnerabilities in critical manufacturing and energy sector systems. These advisories detail exploi
U.S. Treasury Warns of Crypto ATMs Fueling Criminal Activity
The U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) has issued a critical warning about the exploitation of convertible virtual currency (CVC) kiosks by criminal organizations. Released on
New MCPoison Attack Leverages Cursor IDE MCP Validation to Execute Arbitrary System Commands
A critical vulnerability in Cursor IDE, the rapidly growing AI-powered development environment, enables persistent remote code execution through manipulation of the Model Context Protocol (MCP) system. The vulnerability,
New Streamlit Vulnerability Allows Hackers to Launch Cloud Account Takeover Attacks
A critical vulnerability in Streamlit, the popular open-source framework for building data applications, enables attackers to conduct cloud account takeover attacks. The flaw, discovered in February 2025, exploits weakn