ARTIKEL SUCHE
Threat Feed QueryDurchsuche alle aggregierten Security-Artikel nach Schlagworten, CVE-IDs und Quellen.
Android Security Update – Patch for 0-Day Vulnerabilities Actively Exploited in Attack
In response to the discovery of actively exploited 0-day vulnerabilities, Google has released its September 2025 Android Security Bulletin, rolling out patch level 2025-09-05 to safeguard millions of devices. The bulleti
PoC Exploit Released for IIS WebDeploy Remote Code Execution Vulnerability
A proof-of-concept exploit for CVE-2025-53772, a critical remote code execution vulnerability in Microsoft’s IIS Web Deploy (msdeploy) tool, was published this week, raising urgent alarms across the .NET and DevOps commu
ESPHome Web Server Authentication Bypass Vulnerability Exposes Smart Devices
A critical security vulnerability discovered in ESPHome’s web server component has exposed thousands of smart home devices to unauthorized access, effectively nullifying basic authentication protections on ESP-IDF platfo
Sangoma Patches Critical Zero-Day Exploited to Hack FreePBX Servers
Tracked as CVE-2025-57819 (CVSS score of 10/10), the bug is described as an insufficient sanitization of user-supplied data. The post Sangoma Patches Critical Zero-Day Exploited to Hack FreePBX Servers appeared first on
Shadow AI Discovery: A Critical Part of Enterprise AI Governance
The Harsh Truths of AI Adoption MITs State of AI in Business report revealed that while 40% of organizations have purchased enterprise LLM subscriptions, over 90% of employees are actively using AI tools in their daily w
HashiCorp Vault Vulnerability Let Attackers to Crash Servers
A critical denial-of-service vulnerability in HashiCorp Vault could allow malicious actors to overwhelm servers with specially crafted JSON payloads, leading to excessive resource consumption and rendering Vault instance
MobSF Security Testing Tool Vulnerability Let Attackers Upload Malicious Files
A critical flaw in the Mobile Security Framework (MobSF) has been discovered, allowing authenticated attackers to upload and execute malicious files by exploiting improper path validation. The vulnerability, present in
Critical Qualcomm Vulnerabilities Allow Attackers to Execute Arbitrary Code Remotely
Multiple critical vulnerabilities in Qualcomm Technologies’ proprietary Data Network Stack and Multi-Mode Call Processor that permit remote attackers to execute arbitrary code. These flaws, tracked as CVE-2025-21483 and
Azure Active Directory Vulnerability Exposes Credentials and Enables Attackers to Deploy Malicious Apps
A critical security vulnerability has emerged in Azure Active Directory (Azure AD) configurations that exposes sensitive application credentials, providing attackers with unprecedented access to cloud environments. This
CVE-2025-9478
Currently trending CVE - Hype Score: 21 - Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security seve
Wireshark 4.4.9 Released With Fix For Critical Bugs and Updated Protocol Support
The Wireshark team has rolled out version 4.4.9, a maintenance release for the world’s most popular network protocol analyzer. This update focuses on stability and reliability, delivering a series of important bug fixes
Critical Next.js Framework Vulnerability Let Attackers Bypass Authorization
A newly discovered critical security vulnerability in the Next.js framework, designated CVE-2025-29927, poses a significant threat to web applications by allowing malicious actors to completely bypass authorization mecha
MediaTek Security Update – Patch for Multiple Vulnerabilities Across Chipsets
MediaTek today published a critical security bulletin addressing several vulnerabilities across its latest modem chipsets, urging device OEMs to deploy updates immediately. The bulletin, issued two months after confiden
Detecting Exposed LLM Servers: A Shodan Case Study on Ollama
We uncovered 1,100+ exposed Ollama LLM servers—20% with open models—revealing critical security gaps and the need for better LLM threat monitoring.
Sitecore CMS Platform Vulnerabilities Enables Remote Code Execution
Critical vulnerabilities in Sitecore Experience Platform allow attackers to achieve complete system compromise through a sophisticated attack chain combining HTML cache poisoning with remote code execution capabilities.
QNAP Vulnerability Let Attackers Bypass Authentication and Access Unauthorized Files
QNAP Systems has disclosed a critical security vulnerability in its legacy VioStor Network Video Recorder (NVR) firmware that could allow remote attackers to completely bypass authentication mechanisms and gain unauthori
Linux UDisks Daemon Vulnerability Let Attackers Gaining Access to Files Owned by Privileged Users
A critical security vulnerability has been discovered in the Linux UDisks daemon that could allow unprivileged attackers to gain access to files owned by privileged users. The flaw, identified as CVE-2025-8067, was publ
How Prompt Injection Attacks Bypassing AI Agents With Users Input
Prompt injection attacks have emerged as one of the most critical security vulnerabilities in modern AI systems, representing a fundamental challenge that exploits the core architecture of large language models (LLMs) an
CVE-2025-2067
Currently trending CVE - Hype Score: 8 - A vulnerability was found in projectworlds Life Insurance Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /search.php. The
Critical Citrix 0-Day Vulnerability Exploited Since May, Leaving Global Entities Exposed
A critical zero-day vulnerability in Citrix NetScaler products, identified as CVE-2025-6543, has been actively exploited by threat actors since at least May 2025, months before a patch was made available. While Citrix in