Critical Alert 1 Active Exploit Detected Today

CVE-2024-21182 — Oracle WebLogic Server Unspecified Vulnerability →

Powered by CVE Watchtower

×

cybersecurity

CERT Warns of Privilege Escalation Vulnerability in Lakeside SysTrack (CVE-2025-6241) WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

WD Discovery Vulnerability CVE-2025-30248 binary-parser Vulnerability CVE-2026-1245 H3C RCE Vulnerability CVE-2025-60262 Telenium RCE, CVE-2025-10659 Fuel station security, ICS vulnerabilities FreePBX vulnerability CVE-2024-9478 & CVE-2024-9479 SysTrack Vulnerability, Privilege Escalation

CERT Warns of Privilege Escalation Vulnerability in Lakeside SysTrack (CVE-2025-6241)

Ddos July 28, 2025

The CERT Coordination Center (CERT/CC) has issued a Vulnerability Note detailing a critical privilege escalation flaw affecting...

Critical Node-SAML Flaw (CVE-2025-54369) Exposes SAML 2.0 to Authentication Bypass Node-SAML Vulnerability, SAML Authentication Bypass

Node-SAML Vulnerability, SAML Authentication Bypass

Critical Node-SAML Flaw (CVE-2025-54369) Exposes SAML 2.0 to Authentication Bypass

Ddos July 28, 2025

A critical vulnerability has been discovered in the popular open-source Node.js library Node-SAML, used to implement SAML...

Russian-Aligned Hive0156 Escalates Remcos RAT Attacks on Ukrainian Government & Military Russian Cyberattack, Remcos RAT

Russian Cyberattack, Remcos RAT

Russian-Aligned Hive0156 Escalates Remcos RAT Attacks on Ukrainian Government & Military

Ddos July 28, 2025

IBM’s X-Force has raised the alarm on an intensifying series of cyberattacks orchestrated by the Russian-aligned threat...

Koske Malware: AI-Generated Cryptojacker Hides in Panda Images to Infect Linux Servers Firefox Security, Crypto Wallets skidmap trojan

Firefox Security, Crypto Wallets skidmap trojan

Koske Malware: AI-Generated Cryptojacker Hides in Panda Images to Infect Linux Servers

Ddos July 27, 2025

Aqua Security’s Nautilus research team has uncovered a malware campaign. Dubbed Koske, this advanced Linux malware shows...

NVIDIA Update: 14 Vulnerabilities Patched in GPU Drivers & vGPU Software

NVIDIA acquisition rumors NVIDIA AI Security AI Framework Vulnerabilities Nvidia 595.76 Hotfix NVIDIA Megatron Bridge vulnerability GPU vs ASIC AI battle NVIDIA Driver Vulnerability CVE-2025-33217 NVIDIA biggest TSMC customer 2026, NVIDIA vs Apple TSMC revenue share NVIDIA CUDA Toolkit CVE-2025-33228 Groq NVIDIA licensing deal, Jonathan Ross acquihire 2025 NeMo Code Injection, AI Framework RCE NVIDIA App Privilege Escalation, CVE-2025-23358 NVIDIA Security Update, DLS Vulnerability CVE-2025-23316 NVIDIA NVDebug, vulnerabilities NVIDIA Driver Vulnerabilities, vGPU Security Nvidia Jetson, UEFI Vulnerabilities CVE-2024-0130 - CVE-2024-0136 CVE-2024-0148 NVIDIA Driver Support, Windows 10 EOL

NVIDIA Update: 14 Vulnerabilities Patched in GPU Drivers & vGPU Software

Ddos July 26, 2025

NVIDIA has released software security updates for its GPU Display Drivers and vGPU software across Windows, Linux,...

Massive Data Leak: Misconfigured Elasticsearch Server Exposes Hundreds of Millions of Swedish Records Fiverr Data Leak Claude Code Leak Anthropic DMCA Takedown Coupang 33.7M Breach South Korea Data Leak Red Hat Breach, Customer Data Theft Farmers Insurance, Salesforce ESLint Plugin -Mamont Android banking Trojan

Fiverr Data Leak Claude Code Leak Anthropic DMCA Takedown Coupang 33.7M Breach South Korea Data Leak Red Hat Breach, Customer Data Theft Farmers Insurance, Salesforce ESLint Plugin -Mamont Android banking Trojan

Massive Data Leak: Misconfigured Elasticsearch Server Exposes Hundreds of Millions of Swedish Records

Ddos July 25, 2025

Researchers at CYBERNEWS, during a routine scan of the internet, discovered a misconfigured Elasticsearch server containing a...

Trump Unleashes “AI Action Plan”: Deregulation Push, “Ideological Bias” Crackdown & Federal Lands for Data Centers Yoshua Bengio AI sycophancy, reverse deception AI feedback AI chatbots, FTC investigation AI-generated content Trump AI Policy, AI Deregulation Military AI, DoD Funding Stargate Project AI Art Restoration

Yoshua Bengio AI sycophancy, reverse deception AI feedback AI chatbots, FTC investigation AI-generated content Trump AI Policy, AI Deregulation Military AI, DoD Funding Stargate Project AI Art Restoration

Trump Unleashes “AI Action Plan”: Deregulation Push, “Ideological Bias” Crackdown & Federal Lands for Data Centers

Ddos July 25, 2025

The AI Action Plan introduced earlier this year by President Trump has now materialized into a concrete...

Toptal GitHub Organization Compromised: Malicious npm Packages Steal Tokens & Wipe Systems libheif Vulnerability CVE-2025-65586 Trend Micro RCE CVE-2025-69258 SessionReaper CVE-2025-54236 VS Code Marketplace, supply chain attack npm Supply Chain, Toptal Compromise Ruckus AP Vulnerability

libheif Vulnerability CVE-2025-65586 Trend Micro RCE CVE-2025-69258 SessionReaper CVE-2025-54236 VS Code Marketplace, supply chain attack npm Supply Chain, Toptal Compromise Ruckus AP Vulnerability

Toptal GitHub Organization Compromised: Malicious npm Packages Steal Tokens & Wipe Systems

Ddos July 25, 2025

Socket’s Threat Research Team has discovered that at least 10 malicious packages were published to npm from...

Critical Axios Flaw (CVE-2025-54371) in Form-Data Dependency Exposes Millions to HTTP Manipulation Axios Vulnerability Cloud Hijacking Axios npm supply chain attack Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

Axios Vulnerability Cloud Hijacking Axios npm supply chain attack Axios Vulnerability Node.js DoS CVE-2025-58754 CVE-2025-27152 Axios Vulnerability, Form-Data Flaw

Critical Axios Flaw (CVE-2025-54371) in Form-Data Dependency Exposes Millions to HTTP Manipulation

Ddos July 25, 2025

Axios, the popular promise-based HTTP client for Node.js and browsers, has been found vulnerable through a critical...

High-Severity SQL Injection (CVE-2025-52914) in Mitel MiCollab Allows Data Access, Command Execution CVE-2024-35285 & CVE-2024-35286 Mitel MiCollab, SQL Injection Vulnerability

CVE-2024-35285 & CVE-2024-35286 Mitel MiCollab, SQL Injection Vulnerability

High-Severity SQL Injection (CVE-2025-52914) in Mitel MiCollab Allows Data Access, Command Execution

Ddos July 25, 2025

Mitel has released a security advisory addressing a high-severity SQL injection vulnerability in its MiCollab platform—an issue...

Bitnami Helm Chart Flaw (CVSS 10.0) Exposes Kubernetes Secrets: Publicly Accessible & Exploitable Remotely Bitnami Helm Chart, Kubernetes Secrets

Bitnami Helm Chart, Kubernetes Secrets

Bitnami Helm Chart Flaw (CVSS 10.0) Exposes Kubernetes Secrets: Publicly Accessible & Exploitable Remotely

Ddos July 24, 2025

A critical vulnerability in several Bitnami Helm charts has exposed sensitive Kubernetes secrets to unauthenticated web access,...

Critical Mitel MiVoice MX-ONE Flaw: Unauthenticated Authentication Bypass Exposed Mitel vulnerability Mitel MiVoice MX-ONE, Authentication Bypass

Mitel vulnerability Mitel MiVoice MX-ONE, Authentication Bypass

Critical Mitel MiVoice MX-ONE Flaw: Unauthenticated Authentication Bypass Exposed

Ddos July 24, 2025

Mitel has issued a security advisory addressing a critical-severity vulnerability in the Provisioning Manager component of its...

High-severity flaw (CVE-2025-8069) in AWS Client VPN for Windows Allows Privilege Escalation

Motorola Smart Feed redirect Anthropic Amazon 5GW partnership Amazon Perplexity lawsuit AWS-LC Vulnerabilities Cryptographic Bypass AWS Middle East drone strikes Amazon layoffs 2026, Amazon AI restructuring Amazon Kindle DRM Policy, Publisher Control EPUB AWS Nova Forge AI Model Customization AWS Trainium3 EC2 Trn3 UltraServer Route 53 Accelerated Recovery AWS DNS Resilience AI Browser War, Amazon Comet Amazon layoffs, cost reduction AWS outage, DynamoDB DNS AWS outage, cloud dependency AWS VPN Client, Root Privilege Escalation WSA shutdown, Amazon Appstore Amazon Wondery, Podcast Restructuring Amazon Q2 2025 Generative AI AWS Client VPN, Privilege Escalation Amazon AI, Wearable AI

High-severity flaw (CVE-2025-8069) in AWS Client VPN for Windows Allows Privilege Escalation

Ddos July 24, 2025

Amazon Web Services (AWS) has released a security patch for a high-severity local privilege escalation vulnerability (CVE-2025-8069)...

UK Moves to Ban Ransomware Payments for Public Sector Bodies, Criminalizing Extortion Compliance INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

INC Ransom Pacific Cyber Threats OysterLoader Malware Rhysida Ransomware Black Basta Ransomware BYOVD Technique Velociraptor Abuse, Storm-2603 Ransomware Crypto24, Ransomware Ransomware Payments, UK Legislation ZACROS data breach

UK Moves to Ban Ransomware Payments for Public Sector Bodies, Criminalizing Extortion Compliance

Ddos July 24, 2025

Ransomware continues to inflict substantial damage each year on businesses, educational institutions, government agencies, and other organizations....

Buffer Overflows & XSS in SonicWall SMA 100 Expose Devices to RCE – Patch Immediately! SonicWall Firewall CVE-2024-40766 SonicWall SMA Vulnerabilities, Web Interface Flaws

SonicWall Firewall CVE-2024-40766 SonicWall SMA Vulnerabilities, Web Interface Flaws

Buffer Overflows & XSS in SonicWall SMA 100 Expose Devices to RCE – Patch Immediately!

Ddos July 24, 2025

SonicWall has released a security updates for its Secure Mobile Access (SMA) 100 series appliances, addressing three...

Critical Flaws in Weidmueller Industrial Routers Allow Unauthenticated RCE

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

Critical Flaws in Weidmueller Industrial Routers Allow Unauthenticated RCE

Ddos July 24, 2025

In a recent security advisory coordinated by CERT@VDE, Weidmueller has disclosed multiple critical vulnerabilities affecting its IE-SR-2TX...

TP-Link NVR Update: Command Injection Flaws Expose Devices to Remote Code Execution

TP-Link router vulnerability CVE-2026-5509 patch Archer AX53 Vulnerability TP-Link Router Security Tapo C520WS Vulnerability TP-Link Security Patch TP-Link Archer NX Router Vulnerability TP-Link Archer Vulnerability CVE-2025-15568 TP-Link Archer BE230 Vulnerability Command Injection TP-Link Omada Vulnerability CVE-2025-9520 TP-Link Archer MR600 Vulnerability CVE-2025-14756 CVE-2026-0629 TP-Link Omada RCE, CVE-2025-6542 TP-Link, Smart plug vulnerability TP-Link Archer C50, Hardcoded DES Key TP-Link NVR, Command Injection TP-Link Routers cybersecurity

TP-Link NVR Update: Command Injection Flaws Expose Devices to Remote Code Execution

Ddos July 24, 2025

TP-Link has issued a security advisory warning users of two critical operating system command injection vulnerabilities affecting...

Synology BeeDrive Flaws Allow Code Execution & Arbitrary File Deletion Synology BeeDrive, Local/Remote Code Execution

Synology BeeDrive, Local/Remote Code Execution

Synology BeeDrive Flaws Allow Code Execution & Arbitrary File Deletion

Ddos July 24, 2025

Synology has issued a security update to patch three significant vulnerabilities affecting the BeeDrive desktop application for...

EdskManager RAT: New Stealthy Malware Leverages HVNC for Covert Remote Access & Evasion EdskManager RAT, HVNC Malware

EdskManager RAT, HVNC Malware

EdskManager RAT: New Stealthy Malware Leverages HVNC for Covert Remote Access & Evasion

Ddos July 24, 2025

In its latest threat intelligence report, CYFIRMA has detailed the discovery of EdskManager RAT, a sophisticated remote...

First in the Wild: Coyote Banking Trojan Exploits Microsoft’s UI Automation to Steal Credentials Undetected

UIA Abuse, Banking Trojan

First in the Wild: Coyote Banking Trojan Exploits Microsoft’s UI Automation to Steal Credentials Undetected

Ddos July 24, 2025

Akamai has confirmed the first observed abuse of Microsoft’s UI Automation (UIA) framework by malware in the...