ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
ACF plugin bug gives hackers admin on 50,000 WordPress sites
A critical-severity vulnerability in the Advanced Custom Fields: Extended (ACF Extended) plugin for WordPress can be exploited remotely by unauthenticated attackers to obtain administrative permissions. [...]
WPair – Scanner Tool to Detect WhisperPair Flaw in Google’s Fast Pair Protocol
WPair is an Android application designed to identify and demonstrate the CVE-2025-36911 vulnerability affecting millions of Bluetooth audio devices worldwide. The tool addresses a critical authentication bypass flaw disc
Critical TP-Link VIGI camera flaw allowed remote takeover of surveillance systems
TP-Link fixed a critical flaw that exposed over 32 VIGI C and VIGI InSight camera models to remote hacking, with over 2,500 internet-exposed devices identified. TP-Link fixed a high-severity flaw, tracked as CVE-2026-062
CVE-2025-12985 - License Service: Privilege escalation vulnerability
CVE ID : CVE-2025-12985 Published : Jan. 20, 2026, 3:16 p.m. | 17 minutes ago Description : IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation in
NCSC Warns of Hacktivist Groups Attacking UK Organisations and Online Services
A critical alert issued on January 19, 2026, warned of rising cyber-attacks by Russian-aligned hacktivist groups targeting UK organisations. These state-aligned threat actors are conducting disruptive denial-of-service (
WordPress Plugin Vulnerability Exposes 100,000+ Sites to Privilege Escalation Attacks
A critical security flaw in the popular Advanced Custom Fields: Extended WordPress plugin has put more than 100,000 websites at risk of full takeover. The vulnerability, tracked as CVE-2025-14533, affects plugin versions
EU plans cybersecurity overhaul to block foreign high-risk suppliers
The European Commission has proposed new cybersecurity legislation mandating the removal of high-risk suppliers to secure telecommunications networks and strengthening defenses against state-backed and cybercrime groups
TP-Link Vulnerability Allows Authentication Bypass Via Password Recovery Feature
A critical authentication vulnerability affecting TP-Link’s VIGI surveillance camera lineup has been disclosed, enabling attackers on local networks to reset administrative credentials without authorization. Tracked as C
UK NCSC warns of Russia-linked hacktivists DDoS attacks
The UK government warns Russia-linked hacktivists are still carrying out DDoS attacks on critical infrastructure and local government systems The UK government warns that Russia-linked hacktivists are continuing DDoS att
Critical AVEVA Software Vulnerabilities Enables Remote Code Execution Under System Privileges
Seven vulnerabilities were disclosed in Process Optimization (formerly ROMeo) 2024.1 and earlier on January 13, 2026, including a critical flaw enabling unauthenticated SYSTEM-level remote code execution. The most severe
WhisperPair Attack Allows Hijacking of Laptops, Earbuds Without User Consent – Millions Affected
A critical vulnerability in Google’s Fast Pair protocol that allows attackers to hijack Bluetooth audio accessories and track users without their knowledge or consent. Security researchers from KU Leuven have uncovered
Apache bRPC Vulnerability Enables Remote Command Injection
A critical remote command-injection vulnerability has been discovered in Apache bRPC’s built-in heap profiler service, affecting all versions before 1.15.0 across all platforms. The vulnerability allows unauthenticated a
Cloudflare Zero-Day Vulnerability Enables Any Host Access Bypassing Protections
A critical zero-day vulnerability in Cloudflare’s Web Application Firewall (WAF) allowed attackers to bypass security controls and directly access protected origin servers through a certificate validation path. Security
UK govt. warns about ongoing Russian hacktivist group attacks
The U.K. government is warning of continued malicious activity from Russian-aligned hacktivist groups targeting critical infrastructure and local government organizations in the country in disruptive denial-of-service (D
Windows SMB Client Vulnerability Enables Attacker to Own Active Directory
A critical vulnerability in Windows SMB client authentication that enables attackers to compromise Active Directory environments through NTLM reflection exploitation. Classified as an improper access control vulnerabilit
Redmi Buds Vulnerability Allow Attackers Access Call Data and Trigger Firmware Crashes
Security researchers have uncovered significant vulnerabilities in the firmware of Xiaomi’s popular Redmi Buds series, specifically affecting models ranging from the Redmi Buds 3 Pro up to the latest Redmi Buds 6 Pro. Th
BodySnatcher – New Vulnerability Allows Attacker to Impersonate Any ServiceNow User
A critical vulnerability in ServiceNow’s Virtual Agent API and the Now Assist AI Agents application has been discovered, allowing unauthenticated attackers to impersonate any user and execute privileged AI agents remotel
Researchers Gain Access to StealC Malware Command-and-Control Systems
Security researchers successfully exploited vulnerabilities in the StealC malware infrastructure, gaining access to operator control panels and exposing a threat actor’s identity through their own stolen session cookies.
CVE-2026-23800 - WordPress Modular DS plugin <= 2.5.2 - Privilege Escalation vulnerability
CVE ID : CVE-2026-23800 Published : Jan. 16, 2026, 9:15 p.m. | 15 minutes ago Description : Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escalation.This issue affects M
CVE-2026-21623 - Extension - stackideas.com - Persistent XSS in EasyDiscuss component 1.0.0-5.0.15 for Joomla
CVE ID : CVE-2026-21623 Published : Jan. 16, 2026, 3:15 p.m. | 14 minutes ago Description : Lack of input filterung leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component for