ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea
NK-linked hackers are likely exploiting the React2Shell flaw to deploy a newly discovered remote access trojan, dubbed EtherRAT. North Korea–linked threat actors are likely exploiting the new critical React2Shell flaw (C
Fortinet Patches Critical Authentication Bypass Vulnerabilities
The two security defects impact FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager with FortiCloud SSO login authentication enabled. The post Fortinet Patches Critical Authentication Bypass Vulnerabilities appeared fi
Ukrainian hacker charged with helping Russian hacktivist groups
U.S. prosecutors have charged a Ukrainian national for her role in cyberattacks targeting critical infrastructure worldwide, including U.S. water systems, election systems, and nuclear facilities, on behalf of Russian st
Ivanti EPM Update Patches Critical Remote Code Execution Flaw
The XSS vulnerability could allow remote attackers to execute arbitrary JavaScript code with administrator privileges. The post Ivanti EPM Update Patches Critical Remote Code Execution Flaw appeared first on SecurityWeek
Microsoft Outlook Vulnerability Let Attackers Execute Malicious Code Remotely
Microsoft has patched a critical remote code execution (RCE)vulnerability in Outlook that could allow attackers to execute malicious code on vulnerable systems. The flaw, tracked as CVE-2025-62562, was released on Decemb
SAP Patches Critical Vulnerabilities With December 2025 Security Updates
Affecting Solution Manager, Commerce Cloud, and jConnect SDK, the bugs could lead to code injection and remote code execution. The post SAP Patches Critical Vulnerabilities With December 2025 Security Updates appeared fi
North Korean Hackers Exploit React2Shell Vulnerability in the Wild to Deploy EtherRAT
A novel, highly sophisticated malware strain targeting vulnerable React Server Components, signaling a significant evolution in how state-sponsored threat actors are exploiting the critical React2Shell vulnerability disc
FortiSandbox OS command injection Vulnerability Let Attackers execute Malicious code
Fortinet has released a critical security update for its FortiSandbox analysis appliances to fix a dangerous vulnerability. If left unpatched, this flaw could allow attackers to take control of the underlying system. The
CISA Warns of WinRAR 0-Day RCE Vulnerability Exploited in Attacks
A high-priority warning regarding a critical security flaw in WinRAR, the popular file compression tool used by millions of Windows users. The vulnerability, tracked as CVE-2025-6218, is currently being exploited by atta
Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days
Microsoft closed out 2025 with patches for 56 security flaws in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild. Of the 56 flaws, three are rated Cri
Microsoft Patch Tuesday security updates for December 2025 fixed an actively exploited zero-day
Microsoft Patch Tuesday security updates for December 2025 address 57 vulnerabilities, including three critical flaws. Microsoft Patch Tuesday security updates for December 2025 addressed 57 vulnerabilities in Windows an
CVE-2025-13954 - Hard-coded cryptographic keys in EZCast Pro II Dongle
CVE ID : CVE-2025-13954 Published : Dec. 10, 2025, 8:29 a.m. | 20 minutes ago Description : Hard-coded cryptographic keys in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization check
Gemini Zero-Click Vulnerability Let Attackers Access Gmail, Calendar, and Docs
A critical zero-click vulnerability dubbed “GeminiJack” in Google Gemini Enterprise and previously Vertex AI Search that let attackers steal sensitive corporate data from Gmail, Calendar, and Docs with minimal effort. Ac
Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws
Fortinet, Ivanti, and SAP have moved to address critical security flaws in their products that, if successfully exploited, could result in an authentication bypass and code execution. The Fortinet vulnerabilities affect
CVE-2025-9056 - Apache AudioLink Local File Overwrite Vulnerability
CVE ID : CVE-2025-9056 Published : Dec. 10, 2025, 4:15 a.m. | 33 minutes ago Description : Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invo
Microsoft 365 Services Disruption in Australia: Users Face Access Issues in Accessing Services
Users across Australia are currently grappling with significant disruptions to critical business tools as Microsoft 365 services experience a widespread outage. The incident, which began on the morning of December 10, 20
UK Sanctions Russian and Chinese Firms Suspected of Being ‘Malign Actors’ in Information Warfare
Britain and its allies face escalating “hybrid threats … designed to weaken critical national infrastructure, undermine our interests and interfere in our democracies.” The post UK Sanctions Russian and Chinese Firms Sus
SAP fixes three critical vulnerabilities across multiple products
SAP has released its December security updates addressing 14 vulnerabilities across a range of products, including three critical-severity flaws. [...]
FortiOS, FortiWeb, and FortiProxy Vulnerability Lets Attackers Bypass FortiCloud SSO Authentication
Fortinet has issued an urgent security advisory regarding a critical vulnerability affecting its FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager product lines. The security flaw, identified as an Improper Verificat
Fortinet warns of critical FortiCloud SSO login auth bypass flaws
Fortinet has released security updates to address two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could allow attackers to bypass FortiCloud SSO authentication. [...]