ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
CISA flags critical SolarWinds RCE flaw as exploited in attacks
CISA has flagged a critical SolarWinds Web Help Desk vulnerability as actively exploited in attacks and ordered federal agencies to patch their systems within three days. [...]
Critical React Native Vulnerability Exploited in the Wild
Albeit mainly considered a theoretical risk, the flaw has been exploited to disable protections and deliver malware. The post Critical React Native Vulnerability Exploited in the Wild appeared first on SecurityWeek.
Hackers exploit critical React Native Metro bug to breach dev systems
Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux. [...]
Apache Syncope Vulnerability Let Attackers Hijack User Sessions
A critical XML External Entity (XXE) vulnerability has been disclosed in the Syncope identity management console. The flaw could allow administrators to expose sensitive user data and compromise session security inadvert
CVE-2026-24465 - ELECOM Wireless LAN Access Point Stack-based Buffer Overflow Vulnerability
CVE ID : CVE-2026-24465 Published : Feb. 3, 2026, 7:16 a.m. | 37 minutes ago Description : Stack-based buffer overflow vulnerability exists in ELECOM wireless LAN access point devices. A crafted packet may lead to arb
Hikvision Wireless Access Points Vulnerability Enables Malicious Command Execution
A critical authenticated command execution vulnerability has been disclosed affecting multiple Hikvision Wireless Access Point (WAP) models. The flaw, tracked as CVE-2026-0709, stems from insufficient input validation in
CVE-2025-66480 - Wildfire has Arbitrary File Upload via Directory Traversal in UploadFileAction
CVE ID : CVE-2025-66480 Published : Feb. 2, 2026, 11:16 p.m. | 37 minutes ago Description : Wildfire IM is an instant messaging and real-time audio/video solution. Prior to 1.4.3, a critical vulnerability exists in th
DynoWiper Data-Wiping Malware Attacking Energy Companies to Destroy Data
A dangerous new data-wiping malware known as DynoWiper has emerged, targeting energy companies in Poland with destructive attacks designed to permanently erase critical data. The malware surfaced in December 2025 when se
Russian Hacker Alliance Targeting Denmark in Large-Scale Cyberattack
A newly formed Russian hacker alliance known as Russian Legion has launched a coordinated cyberattack campaign against Denmark, threatening critical infrastructure and government services. The alliance, which includes Ca
Hackers Exploiting Microsoft Office 0-day Vulnerability to Deploy Malware
The Russia-linked threat group UAC-0001, also known as APT28, has been actively exploiting a critical zero-day vulnerability in Microsoft Office. The group is using this flaw to deploy sophisticated malware against Ukrai
Gakido CRLF Injection Vulnerability Let Attackers Bypass Security Controls
A critical vulnerability in Gakido, an HTTP client library by HappyHackingSpace, has been discovered that allows attackers to inject arbitrary HTTP headers through CRLF (Carriage Return Line Feed) sequences. Tracked as C
1-Click Clawdbot Vulnerability Enable Malicious Remote Code Execution Attacks
A critical vulnerability in OpenClaw, the open-source AI personal assistant trusted by over 100,000 developers, has been discovered and weaponized into a devastating one-click remote code execution exploit. Security rese
Critical Johnson Controls Products Vulnerabilities Enables Remote SQL Injection Attacks
A critical advisory addressing a severe SQL injection vulnerability affecting multiple Johnson Controls industrial control system products. The vulnerability, tracked as CVE-2025-26385, carries a maximum CVSS v3 severity
Moltbook AI Vulnerability Exposes Email Addresses, Login Tokens, and API Keys
A critical vulnerability in Moltbook, the nascent AI agent social network launched late January 2026 by Octane AI’s Matt Schlicht, exposes email addresses, login tokens, and API keys for its registered entities amid hype
SCADA Vulnerability Triggers DoS, Potentially Disrupting Industrial Operations
A medium-severity vulnerability in the Iconics Suite SCADA system that could allow attackers to trigger denial-of-service conditions on critical industrial control systems. The flaw, tracked as CVE-2025-0921, affects sup
CVE-2025-51958 - DokuWiki runcommand Remote Command Execution Vulnerability
CVE ID : CVE-2025-51958 Published : Jan. 30, 2026, 7:16 p.m. | 34 minutes ago Description : aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands
TAMECAT PowerShell-Based Backdoor Exfiltrates Login Credentials from Microsoft Edge and Chrome
A sophisticated PowerShell-based malware named TAMECAT has emerged as a critical threat to enterprise security, targeting login credentials stored in Microsoft Edge and Chrome browsers. This malware operates as part of e
Attackers Hijacked 200+ Websites Exploiting Magento Vulnerability to Gain Root-level Access
A critical security breach has exposed multiple Magento e-commerce platforms worldwide as threat actors successfully exploited a severe authentication flaw to achieve complete system control. The attack campaign, identif
SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score
SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-24423, carries
SmarterTools patches critical SmarterMail flaw allowing code execution
SmarterTools fixed two SmarterMail flaws, including a critical bug (CVE-2026-24423) that could allow arbitrary code execution. SmarterTools fixed two security bugs in its SmarterMail email software, including a critical