ARTICLE SEARCH
Threat Feed Query
Search all aggregated security articles by keywords, CVE IDs and sources.
Critical SAP S/4HANA Vulnerability Actively Exploited to Fully Compromise Your SAP System
A critical vulnerability in SAP S/4HANA is being actively exploited in the wild, allowing attackers with low-level user access to gain complete control over affected systems. The vulnerability, tracked as CVE-2025-42957,
SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild
A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild. The command injection vulnerability, tracked as CVE-2025-42957 (CVS
Critical 0-Click Vulnerability Enables Attackers to Takeover Email Access Using Punycode
A critical, zero-click vulnerability that allows attackers to hijack online accounts by exploiting how web applications handle international email addresses. The flaw, rooted in a technical discrepancy known as a “canoni
Recent SAP S/4HANA Vulnerability Exploited in Attacks
A critical SAP S/4HANA code injection flaw tracked as CVE-2025-42957 and allowing full system takeover has been exploited in the wild. The post Recent SAP S/4HANA Vulnerability Exploited in Attacks appeared first on Secu
$10M reward for Russia’s FSB officers accused of hacking US Critical infrastructure
US offers $10M for Russian FSB officers Tyukov, Gavrilov & Akulov, accused of attacking US critical infrastructure and over 500 energy firms worldwide. The US Department of State is offering up to $10M for info on FSB of
NoisyBear Weaponizing ZIP Files to PowerShell Loaders and Exfiltrate Sensitive Data
A sophisticated threat actor known as NoisyBear has emerged as a significant concern for Kazakhstan’s energy sector, employing advanced tactics to infiltrate critical infrastructure through weaponized ZIP files and Power
6 browser-based attacks all security teams should be ready for in 2025
The browser is now the frontline for cyberattacks. From phishing kits and ClickFix lures to malicious OAuth apps and extensions, attackers are targeting the very place your employees access business-critical apps. Push S
US Offers $10 Million for Three Russian Energy Firm Hackers
Marat Tyukov, Mikhail Gavrilov, and Pavel Akulov targeted US critical infrastructure and over 500 energy companies in 135 countries. The post US Offers $10 Million for Three Russian Energy Firm Hackers appeared first on
Severe Hikvision HikCentral product flaws: What You Need to Know
Hikvision HikCentral flaw allows unauthenticated users to gain admin rights, risking full control over configs, logs, and critical monitoring. Security researchers warn of three vulnerabilities impacting Hikvision HikCen
Django Critical Vulnerability Let attackers Execute Malicious SQL Code on Web Servers
The Django development team has issued critical security updates to address a high-severity vulnerability that could allow attackers to execute malicious SQL code on web servers using the popular framework. The flaw, ide
US Offers $10M Bounty For FSB Hackers Who Exploited Cisco Vulnerability To Attack Critical Infrastructure
The United States government has announced a reward of up to $10 million for information leading to the identification or location of three Russian intelligence officers. The bounty, offered through the Department of Sta
Google Warns of Zero-Day Vulnerability in Sitecore Products Allowing Remote Code Execution
A critical zero-day vulnerability in several Sitecore products could allow attackers to execute code remotely. The vulnerability, identified as CVE-2025-53690, stems from a ViewState deserialization flaw and is being act
Chinese APT Hackers Exploit Router Vulnerabilities to Infiltrate Enterprise Environments
Over the past several years, a concerted campaign by Chinese state-sponsored Advanced Persistent Threat (APT) groups has exploited critical vulnerabilities in enterprise-grade routers to establish long-term footholds wit
New Namespace Reuse Vulnerability Allows Remote Code Execution in Microsoft Azure AI, Google Vertex AI, and Hugging Face
Cybersecurity researchers have uncovered a critical vulnerability in the artificial intelligence supply chain that enables attackers to achieve remote code execution across major cloud platforms including Microsoft Azure
Apache DolphinScheduler Default Permissions Vulnerability Fixed – Update Now
A critical security vulnerability affecting Apache DolphinScheduler’s default permission system has been identified and patched, prompting urgent update recommendations from the Apache Software Foundation. The vulnerabil
Google Won’t Be Forced to Sell Chrome, But Must Share Search Data With Rivals
The U.S. District Court for the District of Columbia has ordered Google to share critical search data with competitors while allowing the tech giant to retain ownership of its Chrome browser. The decision, announced Tues
Update your Android! Google patches 111 vulnerabilities, 2 are critical
Google has issued updates to patch a whopping 111 Android vulnerabilities, including two actively exploited ones.
CISA Warns of Critical SunPower Device Vulnerability Let Attackers Gain Full Device Access
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory warning about a critical vulnerability in SunPower PVS6 solar power devices that could allow attackers to gain complete control ov
US offers $10 million bounty for info on Russian FSB hackers
The U.S. Department of State is offering a reward of up to $10 million for information on three Russian Federal Security Service (FSB) officers involved in cyberattacks targeting U.S. critical infrastructure organization
Chrome 140 Released With Fix For Six Vulnerabilities that Enable Remote Code Execution Attacks
Google has officially promoted Chrome 140 to the stable channel, initiating a multi-platform rollout for Windows, Mac, Linux, Android, and iOS. The update brings the usual stability and performance improvements, but the