ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Chrome Security Update – Patch for Critical Vulnerabilities that Enables Remote Code Execution
Google has released Chrome version 143.0.7499.146/.147 to address critical security vulnerabilities that could enable remote code execution on affected systems. The update is now rolling out to Windows and Mac users, wit
Russian Hackers Attacking Network Edge Devices in Western Critical Infrastructure
A Russian state-sponsored hacking group has been targeting network edge devices in Western critical infrastructure since 2021, with operations intensifying throughout 2025. The campaign, linked to Russia’s Main Intellige
CVE-2025-33210 - NVIDIA Isaac Lab Deserialization Code Execution Vulnerability
CVE ID : CVE-2025-33210 Published : Dec. 16, 2025, 6:16 p.m. | 35 minutes ago Description : NVIDIA Isaac Lab contains a deserialization vulnerability. A successful exploit of this vulnerability might lead to code exe
Microsoft Details Mitigations Against React2Shell RCE Vulnerability in React Server Components
Microsoft has released comprehensive mitigations for a critical vulnerability dubbed React2Shell (CVE-2025-55182), which poses severe risks to React Server Components and Next.js environments. With a maximum CVSS score o
CVE-2025-37164 - HPE OneView Remote Code Execution Vulnerability
CVE ID : CVE-2025-37164 Published : Dec. 16, 2025, 4:30 p.m. | 21 minutes ago Description : A remote code execution issue exists in HPE OneView. Severity: 10.0 | CRITICAL Visit the link for more details, such as CVS
Hackers exploit newly patched Fortinet auth bypass flaws
Hackers are exploiting critical-severity vulnerabilities affecting multiple Fortinet products to get unauthorized access to admin accounts and steal system configuration files. [...]
Hackers are exploiting critical Fortinet flaws days after patch release
Threat actors are exploiting two critical Fortinet flaws, tracked as CVE-2025-59718 and CVE-2025-59719, days after patch release, impacting multiple Fortinet products. Threat actors started exploiting two critical flaws,
CISA Warns of Apple WebKit Vulnerability 0-Day Vulnerability Exploited in Attacks
CISA has issued an urgent warning regarding a critical zero-day vulnerability in Apple WebKit that is currently being actively exploited in attacks. CISA has added CVE-2025-43529 to its catalog of vulnerabilities requiri
CISO Communities – Cybersecurity’s Secret Weapon
Closed CISO communities act as an information exchange, advice center, pressure valve, and safe haven from critical oversight. The post CISO Communities – Cybersecurity’s Secret Weapon appeared first on SecurityWeek.
Fortinet FortiWeb Vulnerability (CVE-2025-64446) Exploited in the Wild for Full Admin Takeover
Threat actors have been actively exploiting a critical path-traversal vulnerability in Fortinet’s FortiWeb web application firewall since early October 2025, allowing unauthenticated attackers to create rogue administrat
Amazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastructure Attacks
After years of exploiting zero-day and n-day vulnerabilities, Russian state-sponsored threat actors are shifting to misconfigured devices. The post Amazon: Russian Hackers Now Favor Misconfigurations in Critical Infrastr
FreePBX Vulnerabilities Enables Authentication Bypass that Leads Remote Code Execution
FreePBX has addressed critical vulnerabilities enabling authentication bypass and remote code execution in its Endpoint Manager module. Discovered by Horizon3.ai researchers, these flaws affect telephony endpoint configu
Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure
Amazon's threat intelligence team has disclosed details of a "years-long" Russian state-sponsored campaign that targeted Western critical infrastructure between 2021 and 2025. Targets of the campaign included energy sect
Critical ScreenConnect Vulnerability Let Attackers Expose Sensitive Configuration Data
ConnectWise has issued a security update for ScreenConnect™ to address a critical vulnerability that could enable attackers to expose sensitive configuration data and install untrusted extensions. The flaw, identified as
In-the-Wild Exploitation of Fresh Fortinet Flaws Begins
Threat actors are exploiting the two critical authentication bypass vulnerabilities against FortiGate appliances. The post In-the-Wild Exploitation of Fresh Fortinet Flaws Begins appeared first on SecurityWeek.
Critical FortiGate Devices SSO Vulnerabilities Actively Exploited in the Wild
An active intrusion is targeting critical authentication bypass vulnerabilities in Fortinet’s FortiGate appliances and related products. Threat actors are exploiting CVE-2025-59718 and CVE-2025-59719 to perform unauthent
Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components
CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components and rela
ZnDoor Malware Exploiting React2Shell Vulnerability to Compromise Network Devices
Since December 2025, a concerning trend has emerged across Japanese organizations as attackers exploit a critical vulnerability in React/Next.js applications. The vulnerability, tracked as CVE-2025-55182 and known as Rea
New PCPcat Exploiting React2Shell Vulnerability to compromise 59,000+ Servers
A new malware campaign called PCPcat has successfully compromised more than 59,000 servers in under 48 hours through targeted exploitation of critical vulnerabilities in Next.js and React frameworks. The malware targets
Apache StreamPark Vulnerability Let Attackers Access Sensitive Data
A critical security vulnerability has been discovered in Apache StreamPark that could allow attackers to decrypt sensitive information and gain unauthorized system access. The vulnerability stems from the use of a hard-c