Vulnerabilities
CISA has added the JQuery flaw CVE-2020-11023, previously linked to APT1, to its Known Exploited Vulnerabilities (KEV) catalog.
Hi, what are you looking for?
SecurityWeek
All posts tagged "exploited"
Vulnerabilities
SonicWall has credited Microsoft for reporting CVE-2025-23006, a critical remote command execution vulnerability possibly exploited in the wild.
Data Breaches
Hackers have leaked 15,000 Fortinet firewall configurations, which were apparently obtained as a result of exploitation of CVE-2022–40684.
Vulnerabilities
Fortinet patches critical vulnerabilities, including a zero-day that has been exploited in the wild since at least November 2024.
Malware & Threats
Attackers have been exploiting a second vulnerability in BeyondTrust’s remote management solutions, CISA warns.
Vulnerabilities
Many Ivanti VPNs are still exposed to attacks exploiting a recent vulnerability tracked as CVE-2025-0282 and Nominet has been named as a victim.
Cloud Security
Attackers are exploiting a critical vulnerability in Aviatrix Controller to execute arbitrary code in AWS cloud environments.
Vulnerabilities
Threat actors are exploiting a recent GFI KerioControl firewall vulnerability that leads to remote code execution.
Malware & Threats
Google Cloud’s Mandiant has linked the exploitation of CVE-2025-0282, a new Ivanti VPN zero-day, to Chinese cyberspies.
Vulnerabilities
CISA says two recently disclosed path traversal vulnerabilities in the Mitel MiCollab collaboration platform have been exploited in attacks.
Vulnerabilities
Palo Alto Networks has patched CVE-2024-3393, a vulnerability that has been exploited for DoS attacks against the company’s firewalls.
ICS/OT
Threat actors are exploiting a command injection vulnerability in Four-Faith industrial routers to deploy a reverse shell.
Vulnerabilities
CISA is urging federal agencies to patch a recent critical vulnerability in BeyondTrust remote access products in one week.
Vulnerabilities
A critical vulnerability in BeyondTrust Privileged Remote Access and Remote Support could lead to arbitrary command execution.
Vulnerabilities
Researchers warn of malicious attacks exploiting a recently patched critical vulnerability in Apache Struts 2 leading to remote code execution (RCE).
Vulnerabilities
CISA has warned organizations that two vulnerabilities affecting Adobe ColdFusion and Windows have been exploited in the wild.
Ransomware
The Cl0p ransomware group has taken credit for exploitation of the Cleo product vulnerability tracked as CVE-2024-55956.
Malware & Threats
Cleo has released patches for the exploited vulnerability and security firms have detailed the malware delivered in attacks.
Vulnerabilities
Two vulnerabilities in the Hunk Companion and WP Query Console WordPress plugins allow attackers to backdoor websites.
Cybercrime
Exploitation of a vulnerability affecting Cleo file transfer tools has been linked to the new Termite ransomware group.
Malware & Threats
Google has filed a lawsuit against the Badbox 2.0 botnet operators, after identifying over 10 million infected Android devices.
Vulnerabilities
Nation-State
Data Breaches
Management & Strategy
Noteworthy stories that might have slipped under the radar: powerful US law firm hacked by China, Symantec product flaw, $10,000 Meta AI hack, cryptocurrency...
