ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
TP-Link urges immediate updates for Omada Gateways after critical flaws discovery
TP-Link warns of critical flaws in Omada gateways across ER, G, and FR models. Users should update firmware immediately to stay secure. TP-Link is warning users of critical flaws impacting its Omada gateway devices. The
Critical Vulnerability in MCP Server Platform Exposes 3,000+ Servers and Thousands of API Keys
A critical vulnerability in Smithery.ai, a popular registry for Model Context Protocol (MCP) servers. This issue could have allowed attackers to steal from over 3,000 AI servers and take API keys from thousands of users
Critical Argument Injection Vulnerability in Popular AI Agents Let Attackers Execute Remote Code
A critical argument injection flaw in three unnamed popular AI agent platforms enables attackers to bypass human approval safeguards and achieve remote code execution (RCE) through seemingly innocuous prompts. According
Critical Vulnerabilities Patched in TP-Link’s Omada Gateways
One of the flaws can be exploited by remote unauthenticated attackers for arbitrary command execution. The post Critical Vulnerabilities Patched in TP-Link’s Omada Gateways appeared first on SecurityWeek.
PhantomCaptcha ClickFix attack targets Ukraine war relief orgs
A spearphishing attack that lasted a single day targeted members of the Ukrainian regional government administration and organizations critical for the war relief effort in Ukraine, including the International Committee
Multiple Gitlab Security Vulnerabilities Let Attackers Trigger DoS Condition
GitLab has urgently released patch versions 18.5.1, 18.4.3, and 18.3.5 for its Community Edition (CE) and Enterprise Edition (EE) to address multiple critical security flaws, including several high-severity denial-of-ser
Decoding Microsoft 365 Audit Log Events Using Bitfield Mapping Technique – Investigation Report
When users authenticate to Microsoft cloud services, their activities generate authentication events recorded across multiple logging systems. Microsoft Entra sign-in logs and Microsoft 365 audit logs capture identical a
Chinese Hackers Using ToolShell Vulnerability To Compromise Networks Of Government Agencies
China-based threat actors have exploited the critical ToolShell vulnerability in Microsoft SharePoint servers to infiltrate networks across multiple continents, targeting government agencies and critical infrastructure i
Critical Vulnerability In Oracle E-Business Suite’s Marketing Product Allows Full Access To Attackers
Oracle has disclosed two critical vulnerabilities in its E-Business Suite’s Marketing product that could hand full control to remote attackers. Dubbed CVE-2025-53072 and CVE-2025-62481, these flaws affect the Marketing A
Bridging the Remediation Gap: Introducing Pentera Resolve
From Detection to Resolution: Why the Gap Persists A critical vulnerability is identified in an exposed cloud asset. Within hours, five different tools alert you about it: your vulnerability scanner, XDR, CSPM, SIEM, and
Oracle Releases October 2025 Patches
The Critical Patch Update contains 374 new security patches that resolve many vulnerabilities. The post Oracle Releases October 2025 Patches appeared first on SecurityWeek.
ZYXEL Authorization Bypass Vulnerability Let Attackers View and Download System Configuration
A critical authorization bypass vulnerability has emerged in ZYXEL’s ATP and USG series network security appliances, allowing attackers to circumvent two-factor authentication protections and gain unauthorized access to
TP-Link Patches Four Omada Gateway Flaws, Two Allow Remote Code Execution
TP-Link has released security updates to address four security flaws impacting Omada gateway devices, including two critical bugs that could result in arbitrary code execution. The vulnerabilities in question are listed
TP-Link warns of critical command injection flaw in Omada gateways
TP-Link has made firmware updates available for a broad range of Omada gateway models to address four vulnerabilities, among which a critical pre-auth OS command injection. [...]
Cavalry Werewolf APT Hackers Attacking Multiple Industries with FoalShell and StallionRAT
A sophisticated threat campaign has emerged targeting Russia’s public sector and critical industries between May and August 2025. The Cavalry Werewolf APT group, also known as YoroTrooper and Silent Lynx, has been active
CISA Warns of Apple macOS, iOS, tvOS, Safari, and watchOS Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert about a critical vulnerability in multiple Apple products. Tracked as CVE-2022-48503, this unspecified issue in the JavaScriptC
CISA Warns Of Oracle E-Business Suite SSRF Vulnerability Actively Exploited In Attacks
CISA has issued an urgent alert about a critical server-side request forgery (SSRF) vulnerability in Oracle E-Business Suite, now actively exploited by threat actors. Tracked as CVE-2025-61884, the flaw affects the Runti
Over 73,000 WatchGuard Firebox Devices Impacted by Recent Critical Flaw
Affecting the Fireware OS iked process, the vulnerability can lead to remote code execution and does not require authentication. The post Over 73,000 WatchGuard Firebox Devices Impacted by Recent Critical Flaw appeared f
ZYXEL Authorization Bypass Vulnerability Let Attackers View and Download System Configuration
A critical vulnerability in Zyxel’s ATP and USG series firewalls that allows attackers to bypass authorization controls and access sensitive system configurations. Dubbed CVE-2025-9133, this flaw affects devices running
Critical ASP.NET Vulnerability Allows Attacker To Bypass Security Feature Remotely
Microsoft has disclosed a serious security flaw in ASP.NET Core that enables authenticated attackers to smuggle HTTP requests and evade critical protections. Tracked as CVE-2025-55315, the vulnerability stems from incons