ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Unity Real-Time Development Platform Vulnerability Let Attackers Execute Arbitrary Code
Unity Technologies has issued a critical security advisory warning developers about a high-severity vulnerability affecting its widely used game development platform. The flaw, designated CVE-2025-59489, exposes applica
Threat Actors Pose as Government Officials to Attack Organizations with StallionRAT
In recent months, a sophisticated campaign dubbed Cavalry Werewolf has emerged, targeting government and critical infrastructure organizations across Russia and neighboring regions. Adversaries initiated these attacks by
TOTOLINK X6000R Router Vulnerabilities Let Remote Attackers Execute Arbitrary Commands
Critical security flaws have been discovered in the TOTOLINK X6000R wireless router, exposing users to severe risks of remote code execution and unauthorized system access. These vulnerabilities affect the router’s web i
DrayOS Routers Vulnerability Let Attackers Execute Malicious Code Remotely
A critical vulnerability has been discovered in DrayTek’s DrayOS routers, which could allow unauthenticated remote attackers to execute malicious code. The flaw, tracked as CVE-2025-10547, affects a wide range of Vigor r
PoC exploit Released for VMware Workstation guest-to-host escape Vulnerability
A proof-of-concept (PoC) exploit has been released for a critical vulnerability chain in VMware Workstation that allows an attacker to escape from a guest virtual machine and execute arbitrary code on the host operating
Automating Pentest Delivery: 7 Key Workflows for Maximum Impact
Penetration testing is critical to uncovering real-world security weaknesses. With the shift into continuous testing and validation, it is time we automate the delivery of these results. The way results are delivered has
ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More
From unpatched cars to hijacked clouds, this week’s Threatsday headlines remind us of one thing — no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into
Chrome Security Update – Patch for 21 Vulnerabilities that Allows Attackers to Crash Browser
Google has released Chrome 141 to address 21 security vulnerabilities, including critical flaws that could allow attackers to crash browsers and potentially execute malicious code. The update, rolling out across Windows,
Ukraine Warns of Weaponized XLL Files Delivers CABINETRAT Malware Via Zip Files
Ukrainian security agencies have issued an urgent warning regarding a sophisticated malware campaign targeting government and critical infrastructure sectors through weaponized XLL files distributed via compressed archiv
CISA Warns of Cisco IOS and IOS XE SNMP Vulnerabilities Exploited in Attacks
Cisco’s Simple Network Management Protocol (SNMP) implementations in IOS and IOS XE have come under intense scrutiny following reports of active exploitation in the wild. First disclosed in August 2025, CVE-2025-20352 de
Cybersecurity Awareness Month 2025: Prioritizing Identity to Safeguard Critical Infrastructure
This year’s theme focuses on government entities and small and medium-sized businesses that are vital to protecting the systems and services that keep our communities running. The post Cybersecurity Awareness Month 2025
48+ Cisco Firewalls Vulnerable to Actively Exploited 0-Day Vulnerability in the Wild
A critical zero-day vulnerability affecting thousands of Cisco firewalls is being actively exploited by threat actors in the wild. The vulnerability, tracked as CVE-2025-20333, poses an immediate risk to organizations w
OpenSSL Vulnerabilities Let Attackers Execute Malicious Code and Recover Private Key Remotely
The OpenSSL Project has released a critical security advisory, addressing three significant vulnerabilities that could allow attackers to execute remote code and potentially recover private cryptographic keys. These fla
CISA Warns of Libraesva ESG Command Injection Vulnerability Actively Exploited in Attacks
In late September 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued a public alert regarding the active exploitation of a critical command injection vulnerability tracked as CVE-2025-59689 in Libra
Critical WD My Cloud bug allows remote command injection
Western Digital has released firmware updates for multiple My Cloud NAS models to patch a critical-severity vulnerability that could be exploited remotely to execute arbitrary system commands. [...]
CISA Warns of Linux Sudo Vulnerability Actively Exploited in Attacks
CISA has issued an urgent advisory regarding a critical vulnerability in the Linux and Unix sudo utility CVE-2025-32463 that is currently being exploited in the wild. This flaw allows local adversaries to bypass access
CISA warns of critical Linux Sudo flaw exploited in attacks
Hackers are actively exploiting a critical vulnerability (CVE-2025-32463) in the sudo package that enables the execution of commands with root-level privileges on Linux operating systems. [...]
Hackers Actively Scanning to Exploit Palo Alto Networks PAN-OS Global Protect Vulnerability
Security researchers are observing a significant increase in internet-wide scans targeting the critical PAN-OS GlobalProtect vulnerability (CVE-2024-3400). Exploit attempts have surged as attackers seek to leverage an a
Apple fixes critical font processing bug. Update now!
Apple has patched a serious vulnerability (CVE-2025-43400) in how devices handle fonts.
Critical Western Digital My Cloud NAS Devices Vulnerability Let Attackers Execute Malicious Code
Western Digital has released security updates for a critical vulnerability affecting multiple My Cloud network-attached storage (NAS) devices. The flaw, tracked as CVE-2025-30247, could allow a remote attacker to execute