ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Hackers Exploiting Hikvision Camera Vulnerability to Access Sensitive Information
A critical vulnerability in Hikvision security cameras, first disclosed in 2017, is being actively exploited by hackers to gain unauthorized access to sensitive information. SANS researchers observed a recent surge in ma
BMC Firmware Vulnerabilities Allow Attackers to Bypass Signature Verification Features
Critical vulnerabilities discovered in Supermicro Baseboard Management Controller (BMC) firmware have exposed a troubling pattern where inadequate security fixes create new attack vectors, allowing sophisticated adversar
Critical DNN Platform Vulnerability Let Attackers Execute Malicious Scripts
A critical stored cross-site scripting vulnerability has emerged in the popular DotNetNuke (DNN) Platform, threatening websites powered by this widely-used content management system. The vulnerability, tracked as CVE-202
Two Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI Models
Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and potentially exposed the system to artificial intelligence (AI) model tampering and supply chain risks
SolarWinds fixed a critical RCE flaw in its Web Help Desk software
SolarWinds fixed a critical flaw in its Web Help Desk software that could allow attackers to execute arbitrary commands on vulnerable systems. SolarWinds has released hot fixes to address a critical flaw, tracked as CVE-
Salesforce CLI Installer Vulnerability Let Attackers Execute Code and Gain SYSTEM-Level Access
A critical vulnerability in the Salesforce CLI installer (sf-x64.exe) enables attackers to achieve arbitrary code execution, privilege escalation, and SYSTEM-level access on Windows systems. Tracked as CVE-2025-9844, th
How threat actors breached a U.S. federal civilian agency by exploiting a GeoServer flaw
US CISA revealed that threat actors exploited an unpatched vulnerability in GeoServer to breach a U.S. federal civilian agency’s network. Threat actors breached a U.S. federal agency via unpatched GeoServer flaw, tracked
CISA Details That Hackers Gained Access to a U.S. Federal Agency Network Via GeoServer RCE Vulnerability
CISA has released a comprehensive cybersecurity advisory detailing how threat actors successfully compromised a U.S. federal civilian executive branch agency’s network by exploiting CVE-2024-36401, a critical remote code
SolarWinds releases third patch to fix Web Help Desk RCE bug
SolarWinds has released a hotfix for a critical a critical vulnerability in Web Help Desk that allows remote code execution (RCE) without authentication. [...]
SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw
SolarWinds has released hot fixes to address a critical security flaw impacting its Web Help Desk software that, if successfully exploited, could allow attackers to execute arbitrary commands on susceptible systems. The
SolarWinds Web Help Desk Vulnerability Enables Unauthenticated RCE
SolarWinds has released an urgent security advisory for a critical vulnerability in its Web Help Desk software that could allow an unauthenticated attacker to achieve remote code execution (RCE). The flaw, tracked as CVE
Top 25 MCP Vulnerabilities Reveal How AI Agents Can Be Exploited
A new ranking of Model Context Protocol weaknesses highlights critical risks—from prompt injection to command injection—and provides a roadmap for securing the foundations of agentic AI. The post Top 25 MCP Vulnerabiliti
GitHub Enhances NPM’s Security with Strict Authentication, Granular Tokens, and Trusted Publishing
Recent High-profile supply‐chain attacks have exposed critical weaknesses in package registry security, prompting GitHub to roll out a suite of defenses designed to harden the npm ecosystem. “GitHub Enhances npm’s secur
Libraesva ESG Vulnerability Let Attackers Inject Malicious Commands
A critical security flaw in Libraesva ESG email security gateways has been identified and patched, allowing threat actors to execute arbitrary commands through specially crafted email attachments. The vulnerability, tra
Mozilla now lets Firefox add-on devs roll back bad updates
Mozilla has announced a new feature that enables Firefox extension developers to roll back to previously approved versions, allowing them to quickly address critical bugs and issues. [...]
From breach to resilience: How the Electoral Commission rebuilt its cyber defences
<p>When most people think of <a href="https://www.techtarget.com/whatis/definition/critical-infrastructure" target="_blank" rel="noopener">critical national infrastructure</a> (CNI), they tend to picture energy grids, tr
Chrome Type Confusion 0-Day Vulnerability Code Analysis Released
Google Chrome’s V8 JavaScript engine has been compromised by a critical type confusion zero-day vulnerability, designated CVE-2025-10585, marking the sixth actively exploited Chrome zero-day discovered in 2025. This hig
Hackers Bypassing Windows Mark of the Web Files Using LNK Stomping Attack
A sophisticated attack technique called LNK Stomping has emerged as a critical threat to Windows security, exploiting a fundamental flaw in how the operating system handles shortcut files to bypass security controls. De
Fortra Patches Critical GoAnywhere MFT Vulnerability
Tracked as CVE-2025-10035 (CVSS score of 10), the critical deserialization vulnerability could be exploited for command injection. The post Fortra Patches Critical GoAnywhere MFT Vulnerability appeared first on SecurityW
Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants
A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any user, including Global Administrators, across any tenant. The vulnerability, t