ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
North Korea-linked Actors Exploit React2Shell to Deploy New EtherRAT Malware
Threat actors with ties to North Korea have likely become the latest to exploit the recently disclosed critical security React2Shell flaw in React Server Components (RSC) to deliver a previously undocumented remote acces
Ivanti Security Update: Patch for Code Execution Vulnerabilities in Endpoint Manager
Ivanti has officially released urgent security updates for its Endpoint Manager (EPM) solution to address four distinct security flaws. The latest advisory highlights one critical vulnerability and three high-severity is
Ivanti warns of critical Endpoint Manager code execution flaw
American IT software company Ivanti warned customers today to patch a newly disclosed vulnerability in its Endpoint Manager (EPM) solution that could allow attackers to execute code remotely. [...]
CVE-2025-14310 - RethinkDB Classic Buffer Overflow
CVE ID : CVE-2025-14310 Published : Dec. 9, 2025, 4:17 p.m. | 32 minutes ago Description : Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb.This issue affects rethinkdb
Ransomware Targeting Hyper-V and VMware ESXi Surges as Akira Group Exploits System Vulnerabilities
A new wave of ransomware attacks targeting virtual machine platforms has emerged, with the Akira ransomware group leading a campaign against Hyper-V and VMware ESXi systems. These attacks pose a growing threat to enterpr
Critical Emby Server Vulnerability Let Attackers Gain Admin Access
A critical vulnerability has been discovered in Emby Server that allows unauthenticated attackers to gain full administrative access to affected systems. Tracked as CVE-2025-64113 with a severity score of 9.3 out of 10 (
Ruby SAML Library Vulnerability Let Attackers Bypass Authentication
A critical vulnerability has been discovered in the Ruby SAML library that could allow attackers to bypass authentication mechanisms in affected applications completely. The flaw, tracked as CVE-2025-66567, impacts all v
New Prompt Injection Attack via Malicious MCP Servers Let Attackers Drain Resources
Security researchers have uncovered critical vulnerabilities in the Model Context Protocol (MCP) sampling feature. Revealing how malicious servers can exploit LLM-integrated applications to conduct resource theft, conver
Zoom Rooms for Windows and macOS Flaws Enable Privilege Escalation and Sensitive Data Leaks
Zoom has disclosed two critical security vulnerabilities in its Zoom Rooms software for Windows and macOS, which could allow attackers with local access to escalate privileges or expose sensitive information. Tracked as
Hackers Exploiting Vulnerabilities in Ivanti Connect Secure to Deploy MetaRAT Malware
A China-based attack group has launched a targeted campaign against Japanese shipping and transportation companies by exploiting critical vulnerabilities in Ivanti Connect Secure (ICS). The campaign, uncovered in April 2
New Mirai Botnet Variant ‘Broadside’ Actively Attacking Users in the Wild
A sophisticated new variant of the Mirai botnet, named “Broadside,” has emerged as an active threat targeting maritime shipping companies and vessel operators. The malware exploits a critical vulnerability in TBK Digital
CISA Warns of D-Link Routers Buffer Overflow Vulnerability Exploited in Attacks
A critical buffer overflow vulnerability affecting D-Link routers has been added to the CISA catalog of Known Exploited Vulnerabilities, indicating active exploitation in the wild. The flaw, tracked as CVE-2022-37055, po
SAP Security Patch Day: Fix for Critical Vulnerabilities in SAP Solution Manager, NetWeaver, and Other Products
SAP released 14 new security notes on its monthly Security Patch Day on December 9, 2025, addressing vulnerabilities across key products, including SAP Solution Manager, NetWeaver, Commerce Cloud, and more. Three critica
500+ Apache Tika Toolkit Instances Vulnerable to Critical XXE Attack Exposed Online
Over 565 internet-exposed Apache Tika Server instances are vulnerable to a critical XML External Entity (XXE) injection flaw. That could enable attackers to steal sensitive data, launch denial-of-service attacks, or cond
Burp Suite’s Scanning Arsenal Powered With Detection for Critical React2Shell Vulnerabilities
PortSwigger has enhanced Burp Suite’s scanning arsenal with the latest update to its ActiveScan++ extension, introducing detection for the critical React2Shell vulnerabilities (CVE-2025-55182 and CVE-2025-66478). This se
CVE-2025-66627 - Wasmi's Linear Memory has a Critical Use After Free Vulnerability
CVE ID : CVE-2025-66627 Published : Dec. 9, 2025, 2:52 a.m. | 3 hours, 57 minutes ago Description : Wasmi is a WebAssembly interpreter focused on constrained and embedded systems. In versions 0.41.0, 0.41.1, 0.42.0 th
Hackers Exploit AWS IAM Eventual Consistency to Establish Persistence
A critical persistence technique in AWS Identity and Access Management (IAM) stemming from its eventual consistency model, allowing attackers to retain access even after defenders delete compromised access keys. AWS IAM,
Hackers Can Leverage Delivery Receipts on WhatsApp and Signal to Extract User Private Information
Security researchers have exposed a critical privacy flaw dubbed “Careless Whisper” that lets attackers monitor user activity on WhatsApp and Signal through silent delivery receipts, without alerting victims or needing p
CISA Adds Critical React2Shell Vulnerability to KEV Catalog Following Active Exploitation
A critical vulnerability affecting Meta React Server Components has been added to the Known Exploited Vulnerabilities catalog, signalling widespread active exploitation by CISA. Tracked as CVE-2025-55182, this remote cod
Critical Cal.com Vulnerability Let Attackers Bypass Authentication Via Fake TOTP Codes
A severe authentication bypass vulnerability has been discovered in cal.com, the popular open-source scheduling platform. Allowing attackers to gain unauthorized access to user accounts by submitting fake TOTP codes. Acc