ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Microsoft Entra ID flaw allowed hijacking any company's tenant
A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world. [...]
Fortra addressed a maximum severity flaw in GoAnywhere MFT software
Fortra addressed a critical flaw in GoAnywhere Managed File Transfer (MFT) software that could result in the execution of arbitrary commands. Fortra addressed a critical vulnerability, tracked as CVE-2025-10035 (CVSS sco
Nokia CBIS/NCS Manager API Vulnerability Let Attackers Bypass Authentication
A critical authentication bypass vulnerability has emerged in Nokia’s CloudBand Infrastructure Software (CBIS) and Nokia Container Service (NCS) Manager API, designated as CVE-2023-49564. This high-severity flaw, scoring
Russian Hacking Groups Gamaredon and Turla Attacking Organizations to Deploy Kazuar Backdoor
In early 2025, cybersecurity researchers observed an unprecedented collaboration between two Russian APT groups targeting Ukrainian organizations. Historically, Gamaredon has focused on broad spear-phishing campaigns aga
CISA Warns of Hackers Exploiting Ivanti Endpoint Manager Mobile Vulnerabilities to Deploy Malware
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding sophisticated malware campaigns targeting Ivanti Endpoint Manager Mobile (EPMM) systems. Cybercriminals are actively exp
Fortra Releases Critical Patch for CVSS 10.0 GoAnywhere MFT Vulnerability
Fortra has disclosed details of a critical security flaw in GoAnywhere Managed File Transfer (MFT) software that could result in the execution of arbitrary commands. The vulnerability, tracked as CVE-2025-10035, carries
CISA Warns of Delta Electronics Vulnerabilities Let Attackers Bypass Authentication
CISA issued a warning of two critical path traversal flaws in Delta Electronics’ DIALink industrial control system software. With a maximum CVSS v4 base score of 10.0, these vulnerabilities could be exploited remotely w
Critical GoAnywhere MFT Platform Vulnerability Exposes Enterprises to Remote Exploitation
A deserialization flaw in the License Servlet component of Fortra GoAnywhere Managed File Transfer (MFT) platform. Identified as CVE-2025-10035, this vulnerability permits an unauthenticated attacker who can deliver a fo
HubSpot’s Jinjava Engine Vulnerability Exposes Thousands of Websites to RCE Attacks
A newly disclosed flaw in HubSpot’s open-source Jinjava template engine could allow attackers to bypass sandbox restrictions and achieve remote code execution (RCE) on thousands of websites relying on versions prior to 2
UK needs better defences to protect undersea internet cables from Russian sabotage
<p>The government has been urged to step up defences to sabotage threats from Russia against undersea cables that provide critical internet connections for financial services, datacentres and military communications.</p>
Two Scattered Spider Suspects Arrested in UK; One Charged in US
Thalha Jubair and Owen Flowers were charged in the UK and the US with hacking critical infrastructure organizations. The post Two Scattered Spider Suspects Arrested in UK; One Charged in US appeared first on SecurityWeek
Splunk Releases Guide to Detect Remote Employment Fraud Within Your Organization
Detecting remote employment fraud has become a critical priority for organizations striving to secure their digital onboarding processes and safeguard sensitive systems. In recent months, threat actors posing as legitima
Critical Microsoft’s Entra ID Vulnerability Allows Attackers to Gain Complete Administrative Control
A critical vulnerability in Microsoft’s Entra ID could have allowed an attacker to gain complete administrative control over any tenant in Microsoft’s global cloud infrastructure. The flaw, now patched, was discovered in
PureVPN Vulnerability Exposes Users IPv6 Address While Toggling Wi-Fi
PureVPN’s Linux clients leak users’ IPv6 addresses when Wi-Fi reconnections or system resumes occur, and also obliterate host firewall rules without restoring them upon disconnect. This undermines privacy guarantees and
BMW Allegedly Breached by Everest Ransomware Group, Internal Documents Reportedly Stolen
The infamous Everest ransomware group has reportedly included Bayerische Motoren Werke AG (BMW) as a high-profile target, claiming the theft of a significant amount of critical internal documents from the German automoti
WatchGuard warns of critical vulnerability in Firebox firewalls
WatchGuard has released security updates to address a remote code execution vulnerability impacting the company's Firebox firewalls. [...]
Jenkins Patches Multiple Vulnerabilities that Allow Attackers to Cause a Denial of Service
Jenkins has released critical updates addressing four security flaws that unauthenticated and low-privileged attackers could exploit to disrupt service or glean sensitive configuration details. Administrators running Je
Pixie Dust Wi-Fi Attack Exploits Routers WPS to Obtain PIN and Connect With Wireless Network
The newly publicized Pixie Dust attack has once again exposed the critical vulnerabilities inherent in the Wi-Fi Protected Setup (WPS) protocol, enabling attackers to extract the router’s WPS PIN offline and seamlessly j
TP-Link Router 0-Day RCE Vulnerability Exploited Bypassing ASLR Protections – PoC Released
A critical zero-day remote code execution (RCE) vulnerability, identified as CVE-2025-9961, has been discovered in TP-Link routers. Security research firm ByteRay has released a proof-of-concept (PoC) exploit, demonstrat
Top 10 Best Next‑Generation Firewall (NGFW) Providers in 2025
Protecting digital infrastructure is critical in 2025, as cyber threats escalate in complexity and diversity. Next‑Generation Firewalls (NGFWs) have become the cornerstone for enterprise security, offering not just robus