ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Windows Screenshot Utility Greenshot Vulnerability Enable Malicious code execution – PoC Released
A critical security flaw has been discovered in Greenshot, a popular open-source screenshot utility for Windows. The vulnerability allows a local attacker to execute arbitrary code within the Greenshot process, potential
Top 10 Best Security Orchestration, Automation, And Response (SOAR) Tools in 2025
In the face of an ever-increasing volume of security alerts, a critical shortage of skilled cybersecurity professionals, and the growing sophistication of cyber threats, Security Operations Centers (SOCs) are often overw
Critical WatchGuard Vulnerability Allows Unauthenticated Attacker to Execute Arbitrary Code
A critical vulnerability has been discovered in WatchGuard’s Firebox firewalls, which could allow a remote, unauthenticated attacker to execute arbitrary code on affected devices. The flaw, tracked as CVE-2025-9242, has
Apple Fixes 0-Day Vulnerabilities in Older version of iPhones and iPad
Apple has released iOS 16.7.12 and iPadOS 16.7.12 on September 15, 2025, delivering critical security updates to older-generation devices. The patches address a zero-day flaw in the ImageIO framework that could allow an
Critical Chaos Mesh Vulnerabilities Let Attackers Takeover Kubernetes Cluster
Critical vulnerabilities were identified in Chaos Mesh, a popular Cloud Native Computing Foundation chaos engineering platform used for fault injection testing in Kubernetes environments. The security flaws, collectivel
Hackers Can Exploit Bitpixie Vulnerability to Bypass BitLocker Encryption and Escalate Privileges
A critical vulnerability in Windows Boot Manager, known as bitpixie, enables attackers to bypass BitLocker drive encryption and escalate local privileges on Windows systems. The vulnerability affects boot managers from
Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover
Cybersecurity researchers have disclosed multiple critical security vulnerabilities in Chaos Mesh that, if successfully exploited, could lead to cluster takeover in Kubernetes environments. "Attackers need only minimal i
Why Real-Time Threat Intelligence Is Critical for Modern SOCs
Security Operations Centers (SOCs) exist under ever-increasing pressure to detect and respond to threats before they escalate. Today’s fast-moving adversaries exploit gaps in threat visibility with automation, targeted r
Top 10 Best Privileged Access Management (PAM) Tools in 2025
In today’s complex digital landscape, where data breaches and cyberattacks are a constant threat, securing privileged accounts is more critical than ever. Privileged Access Management (PAM) is a core component of any rob
LG WebOS TV Vulnerability Let Attackers Bypass Authentication and Enable Full Device Takeover
A critical vulnerability has been discovered in LG’s WebOS for smart TVs, allowing an attacker on the same local network to bypass authentication mechanisms and achieve full control over the device. The flaw, which affec
WordPress Plugin Vulnerability Let Attackers Bypass Authentication via Social Login
A critical authentication bypass vulnerability in the Case Theme User WordPress plugin has emerged as a significant security threat, allowing unauthenticated attackers to gain administrative access to websites by exploit
Webinar: Your browser is the breach — securing the modern web edge
The web browser has quietly become one of the most critical components of enterprise infrastructure—and one of the most dangerous. Join BleepingComputer, SC Media, and Push Security on September 29 at 12:00 PM ET for a l
Spring Framework Security Flaws Enable Authorization Bypass and Annotation Detection Issues
Two critical vulnerabilities, CVE-2025-41248 and CVE-2025-41249, have emerged in Spring Security and Spring Framework that could allow attackers to bypass authorization controls in enterprise applications. These flaws a
Open Source CyberSOCEval Sets New Standards for AI in Malware Analysis and Threat Intelligence
A groundbreaking open-source benchmark suite called CyberSOCEval has emerged as the first comprehensive evaluation framework for Large Language Models (LLMs) in Security Operations Center (SOC) environments. Released as
Pro-Russian Hackers Attacking Key Industries in Major Countries Around The World
A sophisticated pro-Russian cybercriminal group known as SectorJ149 (also identified as UAC-0050) has emerged as a significant threat to critical infrastructure worldwide, conducting targeted attacks against manufacturin
Burger King Uses DMCA Complaint to Take Down Blog Post Detailing Security Flaws on Drive-Thru Systems
Burger King has invoked the U.S. Digital Millennium Copyright Act (DMCA) to force the removal of a security researcher’s blog post that exposed critical vulnerabilities in its drive-thru “Assistant” system. The move has
BlackNevas Ransomware Encrypts Files and Steals Sensitive Data From Affected Companies
The BlackNevas ransomware group has emerged as a significant threat since November 2024, continuously launching devastating attacks against businesses and critical infrastructure organizations across Asia, North America,
Critical LangChainGo Vulnerability Let Attackers Access Sensitive Files by Injecting Malicious Prompts
A high-severity vulnerability was identified in LangChainGo, the Go implementation of the popular LLM orchestration framework LangChain. Tracked as CVE-2025-9556, this flaw allows unauthenticated attackers to perform ar
IBM QRadar SIEM Vulnerability Let Attackers Perform Unauthorized Actions
A critical permission misconfiguration in the IBM QRadar Security Information and Event Management (SIEM) platform could allow local privileged users to manipulate configuration files without authorization. Tracked as C
Microsoft Warns Of Windows 11 23H2 Support Ending In 60 Days
Microsoft has issued an official reminder that support for Windows 11 version 23H2 Home and Pro editions is set to expire in approximately 60 days. The end-of-servicing date is scheduled for November 11, 2025, after whic