ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
SonicOS SSLVPN Vulnerability Let Attackers Crash the Firewall Remotely
SonicWall has disclosed a critical stack-based buffer overflow vulnerability in its SonicOS SSLVPN service. That allows remote unauthenticated attackers to crash firewalls through denial-of-service attacks. The vulnerabi
Salesforce Confirms that Customers’ Data Was accessed Following the Gainsight Breach
Salesforce has issued a critical security alert identifying “unusual activity” involving Gainsight-published applications connected to customer environments. The CRM giant’s investigation indicates that this activity may
Oracle Allegedly Breached by Clop Ransomware via E-Business Suite 0-Day Hack
The notorious Clop ransomware gang has listed Oracle on its dark web leak site, alleging a successful breach of the tech giant’s internal systems. This development is part of a massive extortion campaign exploiting a cri
Critical Windows Graphics Vulnerability Lets Hackers Seize Control with a Single Image
A critical remote code execution flaw in Microsoft’s Windows Graphics Component allows attackers to seize control of systems using specially crafted JPEG images. With a CVSS score of 9.8, this vulnerability poses a sever
New Ransomware Variants Targeting Amazon S3 Services Leveraging Misconfigurations and Access Controls
A new wave of ransomware attacks is targeting cloud storage environments, specifically focusing on Amazon Simple Storage Service (S3) buckets that contain critical business data. Unlike traditional ransomware that encryp
Lessons from Oracle E-Business Suite Hack That Allegedly Compromises Nearly 30 Organizations Worldwide
A sophisticated cyberattack targeting Oracle E-Business Suite (EBS) customers has exposed critical vulnerabilities in enterprise resource planning systems, compromising an estimated 100 organizations worldwide between Ju
Critical N-able N-central Vulnerabilities Allow attacker to interact with legacy APIs and read sensitive files
N-able’s N-central remote management and monitoring (RMM) platform faces critical security risks following the discovery of multiple vulnerabilities. According to Horizon3.ai, it allows unauthenticated attackers to bypas
Critical Twonky Server Vulnerabilities Let Attackers Bypass Authentication
Twonky Server version 8.5.2 contains two critical authentication bypass vulnerabilities that allow unauthenticated attackers to gain full administrative access to the media server software. Rapid7 discovered that the vul
SolarWinds Patches Three Critical Serv-U Vulnerabilities
SolarWinds Serv-U is affected by vulnerabilities that can be exploited for remote code execution. The post SolarWinds Patches Three Critical Serv-U Vulnerabilities appeared first on SecurityWeek.
Cline AI Coding Agent Vulnerabilities Enables Prompt Injection, Code Execution, and Data Leakage
Cline is an open-source AI coding agent with 3.8 million installs and over 52,000 GitHub stars. Contains four critical security vulnerabilities that enable attackers to execute arbitrary code and exfiltrate sensitive dat
W3 Total Cache WordPress plugin vulnerable to PHP command injection
A critical flaw in the W3 Total Cache (W3TC) WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload. [...]
Hackers Actively Exploiting 7-Zip RCE Vulnerability in the Wild
Hackers have begun actively exploiting a critical remote code execution (RCE) vulnerability in the popular file archiver 7-Zip, putting millions of users at risk of malware infection and system compromise. The flaw, trac
Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers
Palo Alto, California, November 19th, 2025, CyberNewsWire SquareX released critical research exposing a hidden API in Comet that allows extensions in the AI Browser to execute local commands and gain full control over us
CISA Warns of Fortinet FortiWeb OS Command Injection Vulnerability Exploited in the Wild
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical vulnerability affecting Fortinet FortiWeb appliances that threat actors are currently exploiting in active attacks
Multiple Vulnerabilities in D-Link EoL/EoS Routers Allows Remote Code Execution Attacks
Multiple critical vulnerabilities affect D-Link DIR-878 routers across all models and firmware revisions. These devices reached the end of life on January 31, 2021. They will no longer receive security updates or technic
UK government unveils essential signals safeguarding scheme
<p>Just as it was warning of the activities of a Russian spy ship close to UK territorial waters, in particular how it could present a threat to communications, the UK government has announced it is to spend £155m to boo
Critical SolarWinds Serv-U Vulnerabilities Let Attackers Execute Malicious Code Remotely as Admin
SolarWinds has released security patches addressing three critical remote code execution vulnerabilities in Serv-U that could allow attackers with administrative privileges to execute arbitrary code on affected systems.
WhatsApp Vulnerability Exposes 3.5 Billion Users’ Phone Numbers
A critical security flaw in WhatsApp has allowed researchers to expose the phone numbers of 3.5 billion users, marking one of the most significant data leaks ever documented. This vulnerability, rooted in the app’s conta
Cloudflare Global Outage Breaks Internet – Major Platforms on the Internet Go Down
A widespread outage at Cloudflare, a critical internet infrastructure provider, disrupted access to numerous high-profile websites and services on November 18, 2025, causing intermittent failures across the global web. T
W3 Total Cache Command Injection Vulnerability Exposes 1 Million WordPress Sites to RCE Attacks
A critical command injection vulnerability has been discovered in the W3 Total Cache plugin, one of WordPress’s most popular caching solutions used by approximately 1 million websites. The vulnerability, tracked as CVE-2