ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Scattered Spider Attacking UK Retail Organizations in Supply Chain Attack
<html><body><p>A sophisticated threat actor group known as Scattered Spider has expanded its targeting to UK retail organizations, leveraging advanced supply chain attack methodologies to compromise high-value targets. T
Asus One-Click Vulnerability Let Attackers Execute Malicious Remote Code
<html><body><p>A critical vulnerability discovered in ASUS’s DriverHub utility allowed malicious websites to execute arbitrary code with administrator privileges on affected systems through a single click. Security rese
SAP May 2025 Patch Tuesday – Patch for Actively Exploited 0-day & 15 Vulnerabilities
<html><body><p>SAP’s May 2025 Security Patch Day includes an urgent update to the previously released emergency patch for a critical zero-day vulnerability (CVE-2025-31324) that continues to see active exploitation acros
Recurring Supply‑Chain Lapses Expose UEFI Firmware to Pre‑OS Threats
<html><body><p>A disturbing pattern of security failures in the firmware supply chain continues to expose millions of devices to pre-OS threats, potentially undermining the foundation of computer security. Between 2022 a
Cobalt Strike 4.11.1 Released With Fix For ‘Enable SSL’ Checkbox
<html><body><p>Fortra has released Cobalt Strike 4.11.1, an out-of-band update addressing critical issues discovered in their recent 4.11 release. This update, released on May 12, 2025, focuses primarily on resolving mo
Apple Security Update: 8 Vulnerabilities Exposing Sensitive Data Patched
<html><body><p>Apple has released critical security updates for macOS Sequoia, addressing multiple vulnerabilities that could allow malicious applications to access sensitive user data. The update, macOS Sequoia 15.5, f
Apple released security updates to fix multiple flaws in iOS and macOS
<html><body><p>Apple released security updates to address easily exploitable vulnerabilities impacting iOS and macOS devices. Apple released urgent iOS and macOS security updates to patch critical flaws that could allow
ASUS DriverHub flaw let malicious sites run commands with admin rights
<html><body><p>The ASUS DriverHub driver management utility was vulnerable to a critical remote code execution flaw that allowed malicious sites to execute commands on devices with the software installed. [...]</p></body
Majority of Browser Extensions Pose Critical Security Risk, A New Report Reveals
<html><body><p>99% of enterprise users have browser extensions but over half carry high-risk permissions. LayerX's 2025 report reveals how everyday extensions expose sensitive data, and what security teams must do now. [
SAP NetWeaver Vulnerability Exploited in Wild by Chinese Hackers
<html><body><p>A critical vulnerability in SAP NetWeaver Application Server has become the latest target for Chinese state-sponsored threat actors, with researchers confirming active exploitation in the wild. The zero-da
PoC Exploit Released For Linux Kernel’s nftables Subsystem Vulnerability
<html><body><p>A critical Proof-of-Concept (PoC) exploit has been released for a significant vulnerability in the Linux kernel’s nftables subsystem, tracked as CVE-2024-26809. This flaw, rooted in the kernel’s netfilter
Critical Vulnerabilities in Mitel SIP Phones Let Attackers Inject Malicious Commands
<html><body><p>Security researchers have discovered two significant vulnerabilities affecting Mitel’s suite of SIP phones that could allow attackers to execute arbitrary commands and upload malicious files. The more seve
Chinese Hackers Exploit SAP RCE Vulnerability to Upload Supershell Backdoors
<html><body><p>A critical remote code execution vulnerability in SAP NetWeaver Visual Composer (CVE-2025-31324) is being actively exploited by a Chinese threat actor to compromise enterprise systems worldwide. The vulner
LockBit Hacked – 20 Critical CVEs Exploited by LockBit Uncovered
<html><body><p>The notorious LockBit ransomware gang website has been hacked. On May 7, 2025, the group’s dark web affiliate panels were defaced with the message “Don’t do crime CRIME IS BAD xoxo from Prague,” accompanie
Critical Azure & Power Apps Vulnerabilities Let Attackers Escalate Privileges
<html><body><p>Microsoft has patched four critical security vulnerabilities affecting several core cloud services including Azure DevOps, Azure Automation, Azure Storage, and Microsoft Power Apps. These high-severity fl
Azure Storage Utility Vulnerability Let Attackers Escalate Their Privileges to Root
<html><body><p>A critical security vulnerability in AZNFS-mount, an Azure utility that allows attackers to escalate privileges from an unprivileged user to root on Linux machines. The vulnerability affects all versions u
New Attack Exploiting X/Twitter Advertising Display URL Feature to Trick Users
<html><body><p>A sophisticated financial scam has emerged on X/Twitter, exploiting a critical vulnerability in the platform’s advertising display URL feature. Cybersecurity researchers have uncovered a campaign that tric
Ubiquiti UniFi Protect Camera Vulnerability Allows Remote Code Execution
<html><body><p>A critical security vulnerability in Ubiquiti UniFi Protect Cameras could allow attackers to execute arbitrary code remotely. The flaw, which received the highest possible CVSS score of 10.0, affects all
US tells CNI orgs to stop connecting OT kit to the web
<html><body><p>The US authorities have released new guidance for owners of critical national infrastructure in the face of an undisclosed number of cyber incidents.</p></body></html>
Radware Cloud Web App Firewall Vulnerability Let Attackers Bypass Filters
<html><body><p>Security researchers have uncovered critical vulnerabilities in Radware’s Cloud Web Application Firewall (WAF) that could allow attackers to completely bypass security filters, potentially exposing underly