ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Microsoft Investigation Defender portal Issue That Blocking Users Access
Microsoft is currently investigating a service disruption affecting the Microsoft Defender portal, which has blocked numerous security professionals from accessing critical threat management tools. The issue, tracked und
CVE-2025-41742 - Sprecher Automation: SPRECON-E series has a critical vulnerability due to the use of static cryptographic keys in system components
CVE ID : CVE-2025-41742 Published : Dec. 2, 2025, 10:39 a.m. | 9 minutes ago Description : Sprecher Automations SPRECON-E-C, SPRECON-E-P, SPRECON-E-T3 is vulnerable to attack by an unauthorized remote attacker via de
Apache Struts Vulnerability Let Attackers Trigger Disk Exhaustion Attacks
A critical security flaw in Apache Struts could allow attackers to trigger disk exhaustion attacks, rendering affected systems unusable. The vulnerability, tracked as CVE-2025-64775, stems from a file leak in multipart r
Unmasking Attacks With Cisco XDR at the GovWare SOC
During GovWare, Cisco XDR detected 39 incidents. The SOC team conducted analysis and response actions, and reported critical incidents to the GovWare NOC.
Google Patches Android 0-Day Vulnerabilities Exploited in the Wild
Google has released critical security updates to address multiple zero-day vulnerabilities affecting Android devices worldwide. The December 2025 security bulletin reveals that threat actors are actively exploiting at le
OpenVPN Vulnerabilities Let Hackers Triggers Dos Attack and Bypass Security Checks
OpenVPN has released critical security updates for its 2.6 stable and 2.7 development branches, addressing three vulnerabilities that could lead to local denial-of-service (DoS), security bypasses, and buffer over-reads.
CVE-2025-66401 - MCP Watch has a Critical Command Injection in cloneRepo allows Remote Code Execution (RCE) via malicious URL
CVE ID : CVE-2025-66401 Published : Dec. 1, 2025, 11:15 p.m. | 1 hour, 32 minutes ago Description : MCP Watch is a comprehensive security scanner for Model Context Protocol (MCP) servers. In 0.1.2 and earlier, the MCP
CVE-2025-66301 - Grav ihas Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions
CVE ID : CVE-2025-66301 Published : Dec. 1, 2025, 10:15 p.m. | 32 minutes ago Description : Grav is a file-based Web platform. Prior to 1.8.0-beta.27, due to improper authorization checks when modifying critical field
CVE-2025-13829 - Data Illusion Zumbrunn NGSurvey Unauthorized Information Disclosure
CVE ID : CVE-2025-13829 Published : Dec. 1, 2025, 4:15 p.m. | 32 minutes ago Description : Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurveyallows any logged-in user to obtain the private inform
Microsoft Azure API Management Flaw Enables Cross-Tenant Account Creation, Bypassing Admin Restrictions
A critical security vulnerability in Microsoft Azure API Management (APIM) Developer Portal enables attackers to register accounts across different tenant instances, even when administrators have explicitly disabled user
CVE-2025-12106 - OpenVPN Heap Buffer Over-Read Vulnerability
CVE ID : CVE-2025-12106 Published : Dec. 1, 2025, 1:16 p.m. | 7 hours, 32 minutes ago Description : Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer ov
Critical Apache bRPC Framework Vulnerability Let Attackers Crash the Server
A critical security vulnerability has been discovered in the Apache bRPC framework that could allow remote attackers to crash servers by sending specially crafted JSON data. The flaw, tracked as CVE-2025-59789, affects a
PoC Exploit Released for Critical Outlook 0-Click Remote Code Execution Vulnerability
A Proof-of-Concept (PoC) exploit code has been released for a critical remote code execution (RCE) vulnerability in Microsoft Outlook, identified as CVE-2024-21413. Dubbed “MonikerLink,” this flaw allows attackers to byp
CISA Warns of OpenPLC ScadaBR cross-site scripting vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has officially updated its Known Exploited Vulnerabilities (KEV) catalog to include a critical flaw in OpenPLC ScadaBR, confirming that threat actors are active
CVE-2025-65112 - PubNet Critical Authentication Bypass Allows Unauthenticated Package Upload and Identity Spoofing
CVE ID : CVE-2025-65112 Published : Nov. 29, 2025, 1:16 a.m. | 1 hour, 13 minutes ago Description : PubNet is a self-hosted Dart & Flutter package service. Prior to version 1.1.3, the /api/storage/upload endpoint in P
Handala Hacker Group Attacking Israeli High-Tech and Aerospace Professionals
The Handala hacker group has launched a targeted campaign against Israeli high-tech and aerospace professionals, marking a concerning shift in geopolitically motivated cyber operations. The group recently published a lis
Shai Hulud 2.0 Compromises 1,200+ Organizations, Exposing Critical Runtime Secrets
The Shai Hulud 2.0 worm, first detected on November 24, 2025, has compromised nearly 1,200 organizations, including major banks, government bodies, and Fortune 500 technology firms. While initial reports described it as
Scattered Lapsus$ Hunters Registered 40+ Domains Mimicking Zendesk Environments
A sophisticated, complex new cyber offensive has emerged from the “Scattered Lapsus$ Hunters,” a threat collective that has aggressively shifted toward exploiting supply-chain vulnerabilities. This latest campaign target
CVE-2025-64314 - Cisco Memory Management Permission Control Vulnerability
CVE ID : CVE-2025-64314 Published : Nov. 28, 2025, 2:26 a.m. | 54 minutes ago Description : Permission control vulnerability in the memory management module. Impact: Successful exploitation of this vulnerability may a
Gitlab Patches Multiple Vulnerabilities that Enable Authentication Bypass and DoS Attacks
GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE) to address multiple high-severity vulnerabilities. The patches, rolled out in versions 18.6.1, 18.5.3, and 18.4.5,