ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
IBM QRadar SIEM Vulnerability Let Attackers Perform Unauthorized Actions
A critical permission misconfiguration in the IBM QRadar Security Information and Event Management (SIEM) platform could allow local privileged users to manipulate configuration files without authorization. Tracked as C
Microsoft Warns Of Windows 11 23H2 Support Ending In 60 Days
Microsoft has issued an official reminder that support for Windows 11 version 23H2 Home and Pro editions is set to expire in approximately 60 days. The end-of-servicing date is scheduled for November 11, 2025, after whic
FlowiseAI Password Reset Token Vulnerability Allows Account Takeover
A critical vulnerability affecting FlowiseAI’s Flowise platform has been disclosed, revealing a severe authentication bypass flaw that allows attackers to perform complete account takeovers with minimal effort. The vuln
Linux CUPS Vulnerability Let Attackers Remote DoS and Bypass Authentication
Two critical vulnerabilities have been discovered in the Linux Common Unix Printing System (CUPS), exposing millions of systems to remote denial-of-service attacks and authentication bypass exploits. The vulnerabilities
Weekly Cybersecurity News Recap : Tenable, Qualys, Workday Data Breaches and Security Updates
This week in cybersecurity serves as a critical reminder of the pervasive risks within the digital supply chain, as several industry-leading companies disclosed significant data breaches. The incidents, affecting vulnera
CVE-2025-10200
Currently trending CVE - Hype Score: 1 - Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chro
CISA warns of actively exploited Dassault RCE vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers exploiting a critical remote code execution flaw in DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) s
Scattered LAPSUS$ Hunters 4.0 Announced That Their Going Dark Permanently
A sudden and definitive statement emerged from the “Scattered LAPSUS$ Hunters 4.0” Telegram channel on September 8, signaling an abrupt end to their public operations. After months of high-profile campaigns targeting maj
Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks
Samsung has released its monthly security updates for Android, including a fix for a security vulnerability that it said has been exploited in zero-day attacks. The vulnerability, CVE-2025-21043 (CVSS score: 8.8), concer
Samsung Zero-Day Vulnerability Actively Exploited to Execute Remote Code
Samsung has released its September 2025 security update, addressing a critical zero-day vulnerability that is being actively exploited in the wild. The patch resolves a total of 25 Samsung Vulnerabilities and Exposures (
K2 Think AI Model Jailbroken Within Hours After The Release
Within mere hours of its public unveiling, the K2 Think model experienced a critical compromise that has sent ripples throughout the cybersecurity community. The newly launched reasoning system, developed by MBZUAI in pa
Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software to its Known Exploi
Akira ransomware exploiting critical SonicWall SSLVPN bug again
The Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity access control vulnerability, to gain unauthorized access to SonicWall devices. [...]
Senator Wyden Urges FTC to Probe Microsoft for Ransomware-Linked Cybersecurity Negligence
U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to probe Microsoft and hold it responsible for what he called "gross cybersecurity negligence" that enabled ransomware attacks on U.S. critical infr
Google fixes critical Chrome flaw, researcher earns $43K
Google addressed a critical use-after-free vulnerability in its Chrome browser that could potentially lead to code execution. A researcher earned $43000 from Google for reporting a critical Chrome vulnerability, tracked
CoreDNS Vulnerability Let Attackers Pin DNS Cache And Deny Service Updates
A significant vulnerability has been discovered in CoreDNS that could allow attackers to disrupt services by pinning DNS cache entries, effectively creating a denial of service for updates. The flaw, residing in the Core
Critical Chrome Vulnerability Earns Researcher $43,000
Google patched a critical use-after-free vulnerability in Chrome that could potentially lead to code execution. The post Critical Chrome Vulnerability Earns Researcher $43,000 appeared first on SecurityWeek.
ACSC Warns Of Sonicwall Access Control Vulnerability Actively Exploited In Attacks
The Australian Cyber Security Centre (ACSC) has issued a critical alert regarding a severe access control vulnerability in SonicWall products that is being actively exploited in attacks. The flaw, tracked as CVE-2024-407
Critical flaw SessionReaper in Commerce and Magento platforms lets attackers hijack customer accounts
Adobe fixed a critical flaw in its Commerce and Magento Open Source platforms that allows an attacker to take over customer accounts. Adobe addressed a critical vulnerability, tracked as CVE-2025-54236 (aka SessionReaper
CyberVolk Ransomware Attacking Windows System in Critical Infrastructure and Scientific Institutions
CyberVolk ransomware first emerged in May 2024, rapidly evolving into a sophisticated threat aimed at government agencies and critical infrastructure in countries perceived as hostile to Russian interests. Leveraging a d