ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keyword, CVE ID, and source.
Angular HTTP Client Vulnerability Exposes XSRF Token to an Attacker-Controlled Domain
A critical security vulnerability has been discovered in the Angular framework that could allow attackers to steal sensitive user security tokens. The vulnerability, tracked as CVE-2025-66035, affects the Angular HttpCli
Hackers Actively Attacking Telecommunications & Media Industry to Deploy Malicious Payloads
Cybercriminals are launching increasingly sophisticated attacks against the telecommunications and media industry, focusing their efforts on deploying malicious payloads that compromise critical infrastructure. Recent se
New ASUS firmware patches critical AiCloud vulnerability
ASUS released new firmware to address multiple vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. ASUS has issued new firmware addressing nine security vulnerabilities, incl
Threat Actors Allegedly Listed iOS 26 Full‑Chain 0‑Day Exploit on Dark Web
A threat actor operating under the alias ResearcherX has posted what they claim to be a full‑chain zero‑day exploit targeting Apple’s recently released iOS 26 operating system. The listing, which appeared on a prominent
New Unauthenticated DoS Vulnerability Crashes Next.js Servers with a Single Request
A newly discovered critical vulnerability in the Next.js framework allows attackers to crash self-hosted servers using a single HTTP request, requiring negligible resources to execute. Discovered by researchers at Harmon
CVE-2025-62593 - Ray is vulnerable to RCE via Safari & Firefox Browsers through DNS Rebinding Attack
CVE ID : CVE-2025-62593 Published : Nov. 26, 2025, 11:15 p.m. | 2 hours, 3 minutes ago Description : Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be explo
ASUS warns of new critical auth bypass flaw in AiCloud routers
ASUS has released new firmware to patch nine security vulnerabilities, including a critical authentication bypass flaw in routers with AiCloud enabled. [...]
Developers Expose Passwords and API Keys via Online Tools like JSONFormatter
Developers are unintentionally exposing passwords, API keys, and sensitive data in production information into online formatting tools such as JSONFormatter and CodeBeautify. New research from watchTowr shows that thousa
CVE-2025-64657 - Azure Application Gateway Elevation of Privilege Vulnerability
CVE ID : CVE-2025-64657 Published : Nov. 26, 2025, 12:20 a.m. | 56 minutes ago Description : None Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more
CVE-2025-64656 - Azure Application Gateway Elevation of Privilege Vulnerability
CVE ID : CVE-2025-64656 Published : Nov. 26, 2025, 12:20 a.m. | 57 minutes ago Description : None Severity: 9.4 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more
CVE-2025-61168 - SIGB PMB Unserialization Code Execution Vulnerability
CVE ID : CVE-2025-61168 Published : Nov. 25, 2025, 7:15 p.m. | 4 hours ago Description : An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arb
CVE-2025-13483 - Missing Authentication for Critical Function in SiRcom SMART Alert (SiSA)
CVE ID : CVE-2025-13483 Published : Nov. 25, 2025, 6:15 p.m. | 1 hour ago Description : SiRcom SMART Alert (SiSA) allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login
Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys
New research has found that organizations in various sensitive sectors, including governments, telecoms, and critical infrastructure, are pasting passwords and credentials into online tools like JSONformatter and CodeBea
JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers
Cybersecurity researchers are calling attention to a new campaign that's leveraging a combination of ClickFix lures and fake adult websites to deceive users into running malicious commands under the guise of a "critical"
Critical FluentBit Vulnerabilities Let Attackers to Cloud Environments Remotely
A new chain of five critical vulnerabilities discovered in Fluent Bit has exposed billions of containerized environments to remote compromise. Fluent Bit, an open-source logging and telemetry agent deployed over 15 billi
Canon Allegedly Breached by Clop Ransomware via Oracle E-Business Suite 0-Day Hack
Canon has officially confirmed that it was targeted during the widespread hacking campaign exploiting a critical zero-day vulnerability in Oracle E-Business Suite (EBS). The attack, orchestrated by the notorious Clop ran
HashiCorp Vault Vulnerability Allow Attackers to Authenticate to Vault Without Valid Credentials
A critical security flaw has been discovered in HashiCorp’s Vault Terraform Provider that could allow attackers to bypass authentication and access Vault without valid credentials. The vulnerability, tracked as CVE-2025-
Microsoft’s Update Health Tools Configuration Vulnerability Let Attackers Execute Arbitrary Code Remotely
A critical remote code execution (RCE) vulnerability in Microsoft’s Update Health Tools (KB4023057). A widely deployed Windows component designed to expedite security updates through Intune. The flaw stems from the tool
NVIDIA’s Isaac-GROOT Robotics Platform Vulnerability Let Attackers Inject Malicious Codes
NVIDIA has disclosed two critical code injection vulnerabilities affecting its Isaac-GR00T robotics platform. The vulnerabilities, tracked as CVE-2025-33183 and CVE-2025-33184, exist within Python components and could al
PoC released for W3 Total Cache Vulnerability that Exposes 1+ Million Websites to RCE Attacks
A proof-of-concept exploit has been publicly released for CVE-2025-9501, a critical, unauthenticated command-injection vulnerability affecting W3 Total Cache, one of WordPress’s most widely deployed caching plugins. With