ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
DragonForce Ransomware Attacking Critical Business to Exfiltrate Sensitive Information
A new ransomware operation known as DragonForce has emerged as a major threat to organizations worldwide since its appearance in late 2023. This sophisticated malware campaign targets critical business infrastructure acr
CVE-2026-25514 - FacturaScripts has SQL Injection vulnerability in Autocomplete Actions
CVE ID : CVE-2026-25514 Published : Feb. 4, 2026, 8:16 p.m. | 1 hour, 39 minutes ago Description : FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaS
CVE-2026-25513 - FacturaScripts has SQL Injection vulnerability in API ORDER BY Clause
CVE ID : CVE-2026-25513 Published : Feb. 4, 2026, 8:16 p.m. | 1 hour, 39 minutes ago Description : FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaS
SolarWinds RCE bug makes Cisa list as exploitation spreads
<p>A critical vulnerability in SolarWinds’ Web Help Desk service has been added to the US Cybersecurity and Infrastructure Security Agency’s (Cisa’s) <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
Critical n8n flaws disclosed along with public exploits
Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server. [...]
Supply Chain Attack Abused Notepad++ Update Infrastructure to Deliver Targeted Malware
The developers of Notepad++ disclosed a critical security breach on February 2, 2026, affecting their update infrastructure. The popular text editor, widely used by developers worldwide, became the target of a sophistica
CISA Warns of GitLab Community and Enterprise Editions SSRF Vulnerability Exploited in Attacks
A critical GitLab vulnerability has been added to the Known Exploited Vulnerabilities (KEV) catalog. Threat actors are actively exploiting a server-side request forgery (SSRF) flaw in GitLab Community and Enterprise edit
DockerDash Flaw in Docker AI Assistant Leads to RCE, Data Theft
The critical vulnerability exists in the contextual trust in MCP Gateway architecture, as instructions are passed without validation. The post DockerDash Flaw in Docker AI Assistant Leads to RCE, Data Theft appeared firs
CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, flagging it as act
CVE-2025-59818 - Authenticated Remote Code Execution via the file name of an uploaded file
CVE ID : CVE-2025-59818 Published : Feb. 4, 2026, 11:16 a.m. | 39 minutes ago Description : This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name
Hackers Exfiltrating NTDS.dit File to Gain Complete of Active Directory
Active Directory remains the backbone of enterprise authentication systems, storing critical information about user accounts, passwords, and domain configurations. Recently, security experts have observed a surge in atta
Fresh SolarWinds Vulnerability Exploited in Attacks
The critical-severity SolarWinds Web Help Desk flaw could lead to unauthenticated remote code execution. The post Fresh SolarWinds Vulnerability Exploited in Attacks appeared first on SecurityWeek.
Ingress-Nginx Vulnerability Allow Attackers to Execute Arbitrary Code
A critical security vulnerability has been discovered in ingress-nginx, a popular Kubernetes ingress controller, that could allow authenticated attackers to execute arbitrary code and access sensitive cluster secrets. Th
CISA Warns of SolarWinds Web Help Desk RCE Vulnerability Exploited in Attacks
An urgent warning regarding a critical remote code execution (RCE) vulnerability in SolarWinds Web Help Desk. The vulnerability, tracked as CVE-2025-40551, exploits unsafe deserialization of untrusted data and could allo
Critical Django Vulnerabilities Enables DoS and SQL Injection Attacks
The development team has issued urgent security updates to fix six critical vulnerabilities affecting multiple versions of the popular Python web framework. The flaws, which include three high-severity SQL injection vuln
Chrome Vulnerabilities Let Attackers Execute Arbitrary Code and Crash System
Google has released a critical security update for the Chrome Stable channel, addressing two high-severity vulnerabilities that expose users to potential arbitrary code execution (ACE) and denial-of-service (DoS) attacks
Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata
Cybersecurity researchers have disclosed details of a now-patched security flaw impacting Ask Gordon, an artificial intelligence (AI) assistant built into Docker Desktop and the Docker Command-Line Interface (CLI), that
Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package
Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Cybersecurity company VulnCheck said it first observed
Hackers Exploiting React Native’s Metro Server in the Wild to Attack Developers
Threat actors are actively exploiting a critical remote code execution vulnerability in React Native’s Metro Development Server to deliver advanced malware payloads across Windows and Linux systems. VulnCheck’s Canary ho
Hackers abused React Native CLI flaw to deploy Rust malware before public disclosure
Hackers exploit a critical React Native CLI flaw (CVE-2025-11953) to run remote commands and drop stealthy Rust malware, weeks before public disclosure. Attackers are actively exploiting a critical flaw in the React Nati