ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Cloudflare Global Outage Breaks Internet – Major Platforms on the Internet Go Down
A widespread outage at Cloudflare, a critical internet infrastructure provider, disrupted access to numerous high-profile websites and services on November 18, 2025, causing intermittent failures across the global web. T
W3 Total Cache Command Injection Vulnerability Exposes 1 Million WordPress Sites to RCE Attacks
A critical command injection vulnerability has been discovered in the W3 Total Cache plugin, one of WordPress’s most popular caching solutions used by approximately 1 million websites. The vulnerability, tracked as CVE-2
CISA Warns of Critical Lynx+ Gateway Vulnerability Exposes Data in Cleartext
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning about a severe vulnerability in Lynx+ Gateway devices that could expose sensitive information in clear text during transmission. T
IBM AIX Vulnerabilities Let Remote Attacker Execute Arbitrary Commands
IBM has released critical security updates addressing two severe vulnerabilities in its AIX operating system that could allow remote attackers to execute arbitrary commands on affected systems. Both vulnerabilities stem
Chrome Type Confusion Zero-Day Vulnerability Actively Exploited in the Wild
Google has rushed out a critical update for its Chrome browser to address a zero-day vulnerability actively exploited in the wild, urging users to update immediately to mitigate the risk posed by sophisticated attackers.
RondoDox botnet malware now hacks servers using XWiki flaw
The RondoDox botnet malware is now exploiting a critical remote code execution (RCE) flaw in XWiki Platform tracked as CVE-2025-24893. [...]
Yurei Ransomware File Encryption, Operation Model and Data Transfer Methods Uncovered
A new threat has emerged in the ransomware landscape with the discovery of Yurei ransomware, first publicly identified in early September 2025. This Go-based malware follows a typical ransomware operation model by infilt
Hackers Leverages Microsoft Entra Tenant Invitations to Launch TOAD Attacks
A new phishing campaign has emerged that weaponizes Microsoft Entra guest user invitations to deceive recipients into making phone calls to attackers posing as Microsoft support. The attack leverages a critical security
CISA Warns of Fortinet FortiWeb WAF Vulnerability Exploited in the Wild to Gain Admin Access
CISA has issued an urgent alert about a critical vulnerability in Fortinet’s FortiWeb Web Application Firewall (WAF), actively exploited by threat actors to seize administrative control of affected systems. Tracked as CV
Critical RCE Vulnerabilities in AI Inference Engines Exposes Meta, Nvidia and Microsoft Frameworks
As artificial intelligence infrastructure rapidly expands, critical security flaws threaten the backbone of enterprise AI deployments. Security researchers at Oligo Security have uncovered a series of dangerous Remote Co
Hackers Exploiting XWiki Vulnerability in the Wild to Hire the Servers for Botnet
A sharp increase in attacks targeting a critical vulnerability in XWiki servers. Multiple threat actors are actively exploiting CVE-2025-24893 to deploy botnets and coin miners, and to establish unauthorized server acces
RondoDox expands botnet by exploiting XWiki RCE bug left unpatched since February 2025
RondoDox botnet exploits unpatched XWiki flaw CVE-2025-24893 to gain RCE and infect more servers, despite fixes released in February 2025. RondoDox is targeting unpatched XWiki servers via critical RCE flaw CVE-2025-2489
Hackers Use Rogue MCP Server to Inject Malicious Code and Control the Cursor’s Built-in Browser
A critical vulnerability allowing attackers to inject malicious code into Cursor’s embedded browser through compromised MCP (Model Context Protocol) servers. Unlike VS Code, Cursor lacks integrity verification on its pro
Multiple Vulnerabilities in GoSign Desktop lead to Remote Code Execution
Researchers found a critical vulnerability in GoSign Desktop: TLS Certificate Validation Disabled and Unsigned Update Mechanism. GoSign is an advanced and qualified electronic signature solution developed by Tinexta Info
RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet
The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could allow attackers to achieve arbitrary code execution. The vulnerability in question is
PoC Exploit Tool Released for FortiWeb WAF Vulnerability Exploited in the Wild
A proof-of-concept (PoC) exploit tool for CVE-2025-64446 has been publicly released on GitHub. This vulnerability, affecting FortiWeb devices from Fortinet, involves a critical path traversal flaw that has already been o
Critical pgAdmin4 Vulnerability Lets Attackers Execute Remote Code on Servers
A severe remote code execution (RCE) flaw has been uncovered in pgAdmin4, the popular open-source interface for PostgreSQL databases. Dubbed CVE-2025-12762, the vulnerability affects versions up to 9.9 and could allow at
Critical FortiWeb WAF Flaw Exploited in the Wild, Enabling Full Admin Takeover
Fortinet has issued an urgent advisory warning of a critical vulnerability in its FortiWeb web application firewall (WAF) product, which attackers are actively exploiting in the wild. Identified as CVE-2025-64446, the fl
Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability
Security firms say the flaw has been actively exploited for weeks, even as Fortinet quietly shipped fixes and CISA added the bug to its KEV catalog. The post Fortinet Confirms Active Exploitation of Critical FortiWeb Vul
Critical CVE-2025-59367 flaw lets hackers access ASUS DSL routers remotely
ASUS fixed a critical auth-bypass flaw (CVE-2025-59367) in DSL routers that let remote, unauthenticated attackers access devices with ease. ASUS patched a critical auth-bypass flaw, tracked as CVE-2025-59367 (CVSS score