Vulnerabilities | SonicWall Confirms Exploitation of New SMA Zero-Day | SonicWall has confirmed that an SMA 1000 zero-day tracked as CVE-2025-23006 has been exploited in the wild. | Eduard Kovacs | January 28, 2025
Mobile & Wireless | Apple Patches First Exploited iOS Zero-Day of 2025 | Apple has released fixes for dozens of vulnerabilities in its mobile and desktop products, including an iOS zero-day exploited in attacks. | Ionut Arghire | January 28, 2025
ICS/OT | Building Automation Protocols Increasingly Targeted in OT Attacks: Report | Industrial automation protocols continue to be the most targeted in OT attacks, but building automation systems have been increasingly targeted. | Eduard Kovacs | January 27, 2025
Vulnerabilities | CISA Warns of Old jQuery Vulnerability Linked to Chinese APT | CISA has added the jQuery flaw CVE-2020-11023, previously linked to APT1, to its Known Exploited Vulnerabilities (KEV) catalog. | Eduard Kovacs | January 24, 2025
Vulnerabilities | SonicWall Learns From Microsoft About Potentially Exploited Zero-Day | SonicWall has credited Microsoft for reporting CVE-2025-23006, a critical remote command execution vulnerability possibly exploited in the wild. | Eduard Kovacs | January 23, 2025
Data Breaches | Data From 15,000 Fortinet Firewalls Leaked by Hackers | Hackers have leaked 15,000 Fortinet firewall configurations, which were apparently obtained as a result of exploitation of CVE-2022-40684. | Eduard Kovacs | January 16, 2025
Vulnerabilities | Fortinet Confirms New Zero-Day Exploitation | Fortinet patches critical vulnerabilities, including a zero-day that has been exploited in the wild since at least November 2024. | Eduard Kovacs | January 15, 2025
Malware & Threats | CISA Warns of Second BeyondTrust Vulnerability Exploited in Attacks | Attackers have been exploiting a second vulnerability in BeyondTrust’s remote management solutions, CISA warns. | Ionut Arghire | January 14, 2025
Vulnerabilities | Many Ivanti VPNs Still Unpatched as UK Domain Registry Emerges as Victim of Exploitation | Many Ivanti VPNs are still exposed to attacks exploiting a recent vulnerability tracked as CVE-2025-0282 and Nominet has been named as a victim. | Eduard Kovacs | January 14, 2025
Cloud Security | Critical Aviatrix Controller Vulnerability Exploited Against Cloud Environments | Attackers are exploiting a critical vulnerability in Aviatrix Controller to execute arbitrary code in AWS cloud environments. | Ionut Arghire | January 14, 2025
Vulnerabilities | GFI KerioControl Firewall Vulnerability Exploited in the Wild | Threat actors are exploiting a recent GFI KerioControl firewall vulnerability that leads to remote code execution. | Ionut Arghire | January 9, 2025
Malware & Threats | Exploitation of New Ivanti VPN Zero-Day Linked to Chinese Cyberspies | Google Cloud’s Mandiant has linked the exploitation of CVE-2025-0282, a new Ivanti VPN zero-day, to Chinese cyberspies. | Eduard Kovacs | January 9, 2025