Vulnerabilities: PoC Published for Exploited SonicWall Vulnerabilities. PoC code targeting two exploited SonicWall flaws was published just as CISA added them to the KEV catalog. Ionut Arghire, May 5, 2025
Vulnerabilities: Commvault Shares IoCs After Zero-Day Attack Hits Azure Environment. Commvault provides indicators of compromise and mitigation guidance after a zero-day exploit targeting its Azure environment lands in CISA’s KEV catalog. Ionut Arghire, May 1, 2025
Vulnerabilities: SonicWall Flags Two More Vulnerabilities as Exploited. SonicWall has updated the advisories for two vulnerabilities to warn that they are being exploited in the wild. Ionut Arghire, May 1, 2025
Vulnerabilities: Exploited Vulnerability Exposes Over 400 SAP NetWeaver Servers to Attacks. More than 400 SAP NetWeaver servers are impacted by CVE-2025-31324, an exploited remote code execution vulnerability. Ionut Arghire, April 29, 2025
Vulnerabilities: CISA Warns of Exploited Broadcom, Commvault Vulnerabilities. CISA urges immediate patching for recently disclosed Broadcom, Commvault, and Qualitia vulnerabilities exploited in the wild. Ionut Arghire, April 29, 2025
Vulnerabilities: Craft CMS Zero-Day Exploited to Compromise Hundreds of Websites. Threat actors have exploited a zero-day vulnerability in Craft CMS to execute PHP code on hundreds of websites. Ionut Arghire, April 28, 2025
Vulnerabilities: SAP Zero-Day Possibly Exploited by Initial Access Broker. A zero-day vulnerability in SAP NetWeaver potentially affects more than 10,000 internet-facing applications. Ionut Arghire, April 25, 2025
Vulnerabilities: Fresh Windows NTLM Vulnerability Exploited in Attacks. A Windows NTLM vulnerability patched in March has been exploited in attacks targeting government and private institutions. Ionut Arghire, April 18, 2025
Vulnerabilities: SonicWall Flags Old Vulnerability as Actively Exploited. A SonicWall SMA 100 series vulnerability patched in 2021, which went unnoticed at the time of patching, is being exploited in the wild. Eduard Kovacs, April 17, 2025
Vulnerabilities: Vulnerability in OttoKit WordPress Plugin Exploited in the Wild. A vulnerability in the OttoKit WordPress plugin with over 100,000 active installations has been exploited in the wild. Ionut Arghire, April 11, 2025
Vulnerabilities: CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days. CISA has added fresh CentreStack and Windows CLFS vulnerabilities to the Known Exploited Vulnerabilities catalog. Ionut Arghire, April 9, 2025
Vulnerabilities: ESET Vulnerability Exploited for Stealthy Malware Execution. A sophisticated APT tracked as ToddyCat has exploited an ESET DLL search order hijacking vulnerability for malware delivery. Ionut Arghire, April 8, 2025
Vulnerabilities: Exploited Vulnerability Puts 5,000 Ivanti VPN Appliances at Risk. More than 5,000 Ivanti Connect Secure appliances are vulnerable to attacks exploiting CVE-2025-22457, which has been used by Chinese hackers. Ionut Arghire, April 8, 2025
Mobile & Wireless: Android Update Patches Two Exploited Vulnerabilities. Android’s latest security update resolves two exploited kernel vulnerabilities, as well as critical-severity bugs. Ionut Arghire, April 8, 2025
Malware & Threats: Threat Actors Setting Up Persistent Access to Hosts Hacked in CrushFTP Attacks. Huntress has shared details on the post-exploitation activities of threat actors targeting the recent CrushFTP vulnerability. Eduard Kovacs, April 8, 2025
Vulnerabilities: Two CVEs, One Critical Flaw: Inside the CrushFTP Vulnerability Controversy. Two CVEs now exist for an actively exploited CrushFTP vulnerability and much of the security industry is using the ‘wrong one’. Eduard Kovacs, April 3, 2025
Network Security: Questions Remain Over Attacks Causing DrayTek Router Reboots. DrayTek has shared some clarifications regarding the recent attacks causing router reboots, but some questions remain unanswered. Eduard Kovacs, April 2, 2025
Vulnerabilities: CrushFTP Blames Security Firms for Fast Exploitation of Vulnerability. Shadowserver has started seeing exploitation attempts aimed at a CrushFTP vulnerability tracked as CVE-2025-2825 and CVE-2025-31161. Eduard Kovacs, April 1, 2025
Vulnerabilities: Apple Patches Recent Zero-Days in Older iPhones. Apple has released a hefty round of security updates for its desktop and mobile products, patching two recent zero-days in older iPhone models. Ionut Arghire, April 1, 2025
Vulnerabilities: Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia. Firefox developers have determined that their browser is affected by a vulnerability similar to the recent Chrome sandbox escape zero-day. Eduard Kovacs, March 28, 2025