Critical Alert 1 Active Exploit Detected Today

CVE-2024-21182 — Oracle WebLogic Server Unspecified Vulnerability →

Powered by CVE Watchtower

×

cybersecurity

Urgent Chrome Update: Google Patches Critical Zero-Day (CVE-2025-6558) Under Active Attack Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Chrome Zero-Day CVE-2026-3909 Chrome Zero-Day PoC CVE-2026-2441 Chrome Zero-Day CVE-2026-2441 Chrome Zero-Day, Active Exploitation CVE-2025-10585 Chrome vulnerability, zero-day exploit CVE-2025-6558 Chrome Zero-Day, V8 Vulnerability Chrome Zero-Day, Security Update

Urgent Chrome Update: Google Patches Critical Zero-Day (CVE-2025-6558) Under Active Attack

Ddos July 15, 2025

Google has released a critical Stable Channel update for Chrome Desktop (version 138.0.7204.157/.158), addressing six security vulnerabilities,...

CVE-2025-53833 (CVSS 10): Critical SSTI Flaw in LaRecipe Threatens Millions of Laravel Apps LaRecipe, Remote Code Execution

LaRecipe, Remote Code Execution

CVE-2025-53833 (CVSS 10): Critical SSTI Flaw in LaRecipe Threatens Millions of Laravel Apps

Ddos July 15, 2025

A newly discovered Server-Side Template Injection (SSTI) vulnerability in the widely-used LaRecipe documentation tool has been assigned...

CISA Warns of Active Exploitation of Wing FTP Server Flaw (CVE-2025-47812), CVSS 10 Cisco VPN Zero-Day, ASA Vulnerability Ivanti Vulnerabilities Wing FTP Server, RCE Exploit CVE-2024-9474 Exploited: LITTLELAMB.WOOLTEA Backdoor

Cisco VPN Zero-Day, ASA Vulnerability Ivanti Vulnerabilities Wing FTP Server, RCE Exploit CVE-2024-9474 Exploited: LITTLELAMB.WOOLTEA Backdoor

CISA Warns of Active Exploitation of Wing FTP Server Flaw (CVE-2025-47812), CVSS 10

Ddos July 15, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-47812 to its Known Exploited Vulnerabilities (KEV) Catalog...

ImageMagick Flaw (CVE-2025-53101): Stack Buffer Overflow Allows Potential Remote Code Execution ImageMagick, Stack Buffer Overflow

ImageMagick, Stack Buffer Overflow

ImageMagick Flaw (CVE-2025-53101): Stack Buffer Overflow Allows Potential Remote Code Execution

Ddos July 15, 2025

A flaw has been discovered in ImageMagick, the widely used open-source image manipulation suite, that could lead...

XORIndex: North Korea’s Evolving Supply Chain Malware Targets npm Ecosystem Again NPM Supply Chain, North Korea Malware

NPM Supply Chain, North Korea Malware

XORIndex: North Korea’s Evolving Supply Chain Malware Targets npm Ecosystem Again

Ddos July 15, 2025

A new chapter in the ongoing Contagious Interview campaign has emerged, as the Socket Threat Research Team...

HazyBeacon: Novel Backdoor Uses AWS Lambda for Stealthy C2, Targets Govts

backdoor

HazyBeacon: Novel Backdoor Uses AWS Lambda for Stealthy C2, Targets Govts

Ddos July 15, 2025

Researchers from Unit 42 at Palo Alto Networks have uncovered a novel backdoor—HazyBeacon—used by a threat cluster...

CVE-2025-43856: OAuth2 Account Hijacking Flaw Found in Immich, a Popular Self-Hosted Photo Platform Immich, Account Hijacking

Immich, Account Hijacking

CVE-2025-43856: OAuth2 Account Hijacking Flaw Found in Immich, a Popular Self-Hosted Photo Platform

Ddos July 15, 2025

A critical vulnerability has been disclosed in Immich, a rapidly growing open-source project for self-hosted photo and...

BlackSuit: New Royal/Conti Rebrand Hits With Speed, Stealth, & Data Exfiltration

blacksuit

BlackSuit: New Royal/Conti Rebrand Hits With Speed, Stealth, & Data Exfiltration

Ddos July 15, 2025

A recent Cybereason investigation has shed light on a highly coordinated and destructive ransomware campaign carried out...

Symantec Endpoint Management Alert: Critical Flaw Allows Unauthenticated RCE, PoC Releases Symantec Endpoint Management, Remote Code Execution

Symantec Endpoint Management, Remote Code Execution

Symantec Endpoint Management Alert: Critical Flaw Allows Unauthenticated RCE, PoC Releases

Ddos July 14, 2025

A critical remote code execution (RCE) vulnerability has been discovered in the Symantec Endpoint Management suite, also...

Critical Apache Jackrabbit Flaw (CVE-2025-53689): XXE Attacks Allow Data Exfiltration & DoS Apache Jackrabbit, JNDI injection CVE-2023-37895 Apache Jackrabbit, XXE Vulnerability

Apache Jackrabbit, JNDI injection CVE-2023-37895 Apache Jackrabbit, XXE Vulnerability

Critical Apache Jackrabbit Flaw (CVE-2025-53689): XXE Attacks Allow Data Exfiltration & DoS

Ddos July 14, 2025

A critical XML External Entity (XXE) vulnerability has been identified in multiple versions of Apache Jackrabbit, a...

GPUHammer: First Rowhammer Attack on GDDR6 GPU Memory Induces Bit Flips, Degrades AI Models GPUHammer, Rowhammer

GPUHammer, Rowhammer

GPUHammer: First Rowhammer Attack on GDDR6 GPU Memory Induces Bit Flips, Degrades AI Models

Ddos July 14, 2025

For nearly a decade, Rowhammer has haunted DRAM technology, and now it has entered a new field:...

CVE-2025-7503 (CVSS 10): Hidden Backdoor in Popular IP Camera Grants Hackers Root Access IP Camera, Critical Vulnerability

IP Camera, Critical Vulnerability

CVE-2025-7503 (CVSS 10): Hidden Backdoor in Popular IP Camera Grants Hackers Root Access

Ddos July 14, 2025

A critical vulnerability (CVE-2025-7503) has been uncovered in an IP camera manufactured by Shenzhen Liandian Communication Technology...

Red Bull Job Scam Exposed: Phishing Campaign Spoofs Brands, Uses “Slow Kill” Tactics to Steal Credentials phishing-3390518_1280

phishing-3390518_1280

Red Bull Job Scam Exposed: Phishing Campaign Spoofs Brands, Uses “Slow Kill” Tactics to Steal Credentials

Ddos July 14, 2025

Phishing remains one of the most enduring threats to cybersecurity—not for a lack of technological defense, but...

Interlock RAT Gets PHP Makeover: New Variant Uses Steganography & ClickFix for Stealthy Infiltration

Interlock RAT Gets PHP Makeover: New Variant Uses Steganography & ClickFix for Stealthy Infiltration

Ddos July 14, 2025

Researchers from The DFIR Report, in collaboration with Proofpoint, have uncovered a stealthy and resilient variant of...

CVE-2025-25257 (CVSS 9.6): Pre-Auth SQLi in Fortinet FortiWeb Opens Door to RCE, PoC Published CVE-2025-25257 PoC FortiWeb, SQL Injection

CVE-2025-25257 PoC FortiWeb, SQL Injection

CVE-2025-25257 (CVSS 9.6): Pre-Auth SQLi in Fortinet FortiWeb Opens Door to RCE, PoC Published

Ddos July 14, 2025

A critical security flaw in Fortinet’s FortiWeb web application firewall has been publicly weaponized, with proof-of-concept (PoC)...

Linux Kernel Flaw: Root Privilege Escalation Via Use-After-Free, PoC Available! Linux Kernel, Privilege Escalation

Linux Kernel, Privilege Escalation

Linux Kernel Flaw: Root Privilege Escalation Via Use-After-Free, PoC Available!

Ddos July 14, 2025

Security researcher D3vil has uncovered and weaponized a kernel-level Use-After-Free (UAF) vulnerability—CVE-2025-38001—within the Linux networking stack. The...

RenderShock: New Zero-Click Attack Explores Hidden Vulnerabilities in OS & Enterprise Environments rend

rend

RenderShock: New Zero-Click Attack Explores Hidden Vulnerabilities in OS & Enterprise Environments

Ddos July 14, 2025

CYFIRMA has uncovered a new threat model called RenderShock — a zero-click attack strategy that turns convenience...

SLOW#TEMPEST: Advanced Obfuscation Evades Static Analysis With CFG & Indirect Calls SLOW#TEMPEST, Malware Obfuscation

SLOW#TEMPEST, Malware Obfuscation

SLOW#TEMPEST: Advanced Obfuscation Evades Static Analysis With CFG & Indirect Calls

Ddos July 14, 2025

In late 2024, security researchers from Unit 42 uncovered a sophisticated new variant of the malware associated...

SMM Vulnerabilities in Gigabyte UEFI Firmware Expose Systems to Stealthy Attacks Gigabyte UEFI, Critical Vulnerabilities

Gigabyte UEFI, Critical Vulnerabilities

SMM Vulnerabilities in Gigabyte UEFI Firmware Expose Systems to Stealthy Attacks

Ddos July 14, 2025

In a warning issued by CERT/CC, multiple high-impact vulnerabilities have been identified in Gigabyte UEFI firmware that...

CVE-2025-30023: Critical RCE Vulnerability Discovered in Axis Video Management Software Axis Communications, Remote Code Execution

Axis Communications, Remote Code Execution

CVE-2025-30023: Critical RCE Vulnerability Discovered in Axis Video Management Software

Ddos July 14, 2025

Axis Communications has issued a security advisory for a critical vulnerability affecting several of its flagship software...