Vulnerabilities
Threat actors have started probing servers impacted by a critical-severity vulnerability in the web application development framework Next.js.
Hi, what are you looking for?
SecurityWeek
All posts tagged "exploited"
Network Security
DrayTek routers around the world are rebooting and the vendor’s statement suggests that it may involve the exploitation of a vulnerability.
Vulnerabilities
CISA has added an absolute path traversal bug in Nakivo Backup and Replication to its Known Exploited Vulnerabilities list.
Vulnerabilities
SANS is seeing attempts to exploit two critical Cisco Smart Licensing Utility vulnerabilities tracked as CVE-2024-20439 and CVE-2024-20440.
Mobile & Wireless
Attacks involving Paragon’s Graphite spyware involved a WhatsApp zero-day that could be exploited without any user interaction.
Artificial Intelligence
A year-old vulnerability in a third-party ChatGPT tool is being exploited against financial entities and US government organizations.
Malware & Threats
A recently disclosed Edimax zero-day vulnerability has been exploited in the wild by Mirai botnets for nearly a year.
Malware & Threats
Threat actors are likely targeting Grafana path traversal bugs for reconnaissance in a SSRF exploitation campaign targeting popular platforms.
Vulnerabilities
Microsoft on Tuesday patched a zero-day vulnerability in the Windows Win32 kernel that has been exploited since March 2023.
IoT Security
Edimax is aware that CVE-2025-1316 has been exploited in the wild, but the impacted devices were discontinued over a decade ago.
Vulnerabilities
CISA has added three critical-severity flaws in Ivanti EPM to its Known Exploited Vulnerabilities catalog.
Malware & Threats
GreyNoise warns of mass exploitation of a critical vulnerability in PHP leading to remote code execution on vulnerable servers.
IoT Security
Multiple Mirai-based botnets are exploiting CVE-2025-1316, an Edimax IP camera vulnerability that allows remote command execution.
Vulnerabilities
Scans show that tens of thousands of VMware ESXi instances are affected by CVE-2025-22224 and other vulnerabilities disclosed recently as zero-days.
Vulnerabilities
Broadcom patched VMware zero-days CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226 after Microsoft warned it of exploitation.
Mobile & Wireless
Android’s March 2025 security update addresses over 40 vulnerabilities, including two actively exploited in the wild.
Vulnerabilities
Exploitation has been known for months or years for most of the latest vulnerabilities added by CISA to its KEV catalog.
Vulnerabilities
XSS vulnerability allowed a threat actor to redirect users to arbitrary domains.
Vulnerabilities
CISA has added CVE-2024-20953, an Oracle Agile PLM vulnerability patched in January 2024, to its KEV catalog.
Vulnerabilities
CISA has added a Craft CMS flaw tracked as CVE-2025-23209 to its Known Exploited Vulnerabilities (KEV) catalog.
Malware & Threats
The DanaBot botnet ensnared over 300,000 devices and caused more than $50 million in damages before being disrupted.
Incident Response
Vulnerabilities
Incident Response
Data Protection
Signal said the privacy feature is on by default for every Windows 11 user to block Microsoft from taking screenshots for Windows Recall.
Management & Strategy
Threat Intelligence
Cybercrime
Malware & Threats
