#cve-2025-40778
#cve-2025-40778

[ follow ]

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.

Information security

fromThe Hacker News

2 days ago

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

Information security

fromSecurityWeek

1 week ago

Cisco Patches Multiple Vulnerabilities in IOS Software

Cisco released patches for high- and medium-severity vulnerabilities in IOS and IOS XE, primarily to prevent denial-of-service conditions.

Information security

fromSecurityWeek

2 days ago

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.

Information security

fromThe Hacker News

2 days ago

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.

Information security

fromSecurityWeek

1 week ago

Cisco Patches Multiple Vulnerabilities in IOS Software

Cisco released patches for high- and medium-severity vulnerabilities in IOS and IOS XE, primarily to prevent denial-of-service conditions.

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

Information security

fromArs Technica

1 day ago

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

DevOps

fromInfoWorld

1 day ago

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

Information security

fromArs Technica

1 day ago

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

Human Error, Not Hacking, Cited as Top Cause for Crypto Access Loss

Human error is the leading cause of cryptocurrency access loss, affecting 35% of holders, primarily due to forgotten passwords and lost seed phrases.

#cybersecurity

fromSecurityWeek

10 hours ago

EU data protection

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

fromLos Angeles Times

1 day ago

Los Angeles

L.A. Metro confirms it was hacked. Weeks later, it's still getting systems back online

fromThe Hacker News

1 day ago

Information security

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

fromTNW | Eu

7 hours ago

Information security

European Commission breached after hackers poisoned open-source security tool Trivy

Node JS

fromInfoQ

5 days ago

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

Organizations are not prepared for the next cybersecurity crisis, similar to Log4Shell.

Information security

fromThe Hacker News

2 days ago

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The ThreatsDay Bulletin provides a concise overview of current cybersecurity threats and trends affecting system safety.

EU data protection

fromSecurityWeek

10 hours ago

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

Hackers stole over 300GB of data from the European Commission's AWS environment using a compromised API key from the Trivy supply chain attack.

fromLos Angeles Times

1 day ago

Los Angeles

L.A. Metro confirms it was hacked. Weeks later, it's still getting systems back online

Information security

fromThe Hacker News

1 day ago

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

A targeted social engineering campaign by North Korean actors led to a supply chain compromise of the Axios npm package.

Information security

fromTNW | Eu

7 hours ago

European Commission breached after hackers poisoned open-source security tool Trivy

A major data breach at the European Commission was caused by TeamPCP exploiting a supply chain attack on the Trivy security tool.

Node JS

fromInfoQ

5 days ago

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

Organizations are not prepared for the next cybersecurity crisis, similar to Log4Shell.

Information security

fromThe Hacker News

2 days ago

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The ThreatsDay Bulletin provides a concise overview of current cybersecurity threats and trends affecting system safety.

Software development

Internet Bug Bounty program hits pause on payouts

Python

fromThe Hacker News

2 days ago

The State of Trusted Open Source Report

AI is reshaping software development and security, influencing container image usage and vulnerability management.

fromInfoWorld

1 day ago

Software development

Internet Bug Bounty program hits pause on payouts

Python

fromThe Hacker News

2 days ago

The State of Trusted Open Source Report

AI is reshaping software development and security, influencing container image usage and vulnerability management.

Axios npm Package Compromised in Supply Chain Attack

A significant supply chain attack on Axios introduced a Remote Access Trojan via hijacked maintainer accounts, affecting numerous developer environments.

Node JS

fromTheregister

4 days ago

Top npm package backdoored to drop dirty RAT on dev machines

A widely used npm library, axios, was compromised to deliver malware through a maintainer's hijacked account.

Node JS

fromBleepingComputer

4 days ago

Hackers compromise Axios npm package to drop cross-platform malware

Hackers compromised the Axios npm account to distribute remote access trojans across multiple operating systems.

Node JS

fromInfoQ

2 days ago

Axios npm Package Compromised in Supply Chain Attack

A significant supply chain attack on Axios introduced a Remote Access Trojan via hijacked maintainer accounts, affecting numerous developer environments.

Node JS

fromTheregister

4 days ago

Top npm package backdoored to drop dirty RAT on dev machines

A widely used npm library, axios, was compromised to deliver malware through a maintainer's hijacked account.

Node JS

fromBleepingComputer

4 days ago

Hackers compromise Axios npm package to drop cross-platform malware

Hackers compromised the Axios npm account to distribute remote access trojans across multiple operating systems.

New Rowhammer attacks give complete control of machines running Nvidia GPUs

Rowhammer attacks on Nvidia GPUs can compromise CPU memory, allowing full control of host machines.

Apple Issues Rare Patch: Up to 270M iPhones Could Be Vulnerable to 'DarkSword' Exploit

Apple is issuing a rare security patch for iOS 18 to combat the DarkSword hacking tool, breaking from its usual upgrade policy.

Apple

fromZDNET

3 days ago

Still running iOS 18? Install this critical update ASAP

Apple has released a security patch for iPhones running iOS 18 to protect against the DarkSword exploit.

Apple

fromTechRepublic

2 days ago

Apple Issues Rare Patch: Up to 270M iPhones Could Be Vulnerable to 'DarkSword' Exploit

Apple is issuing a rare security patch for iOS 18 to combat the DarkSword hacking tool, breaking from its usual upgrade policy.

Apple

fromZDNET

3 days ago

Still running iOS 18? Install this critical update ASAP

Apple has released a security patch for iPhones running iOS 18 to protect against the DarkSword exploit.

Tech industry

Microsoft plans another out-of-band Windows fix

fromTheregister

2 days ago

Software development

Some 'broken by update' PCs were already doomed

Information security

fromComputerWeekly.com

1 week ago

Emergency Microsoft, Oracle patches point to wider cyber issues | Computer Weekly

Emergency patches from Microsoft and Oracle highlight ongoing issues with update cycles, patching, and identity security.

Tech industry

fromTheregister

4 days ago

Microsoft plans another out-of-band Windows fix

Microsoft is releasing an out-of-band update to fix installation errors from a problematic preview update.

fromTheregister

2 days ago

Software development

Some 'broken by update' PCs were already doomed

Information security

fromComputerWeekly.com

1 week ago

Emergency Microsoft, Oracle patches point to wider cyber issues | Computer Weekly

Emergency patches from Microsoft and Oracle highlight ongoing issues with update cycles, patching, and identity security.

Drift Protocol Hack 2026: What Happened, Who Lost Money, and What's Next

A Solana-based perpetual futures exchange lost $286 million in 12 minutes due to a sophisticated attack involving fake collateral and social engineering.

Information security

fromThe Hacker News

1 day ago

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Drift decentralized exchange lost $285 million due to a sophisticated attack involving unauthorized access and social engineering.

Cryptocurrency

fromnews.bitcoin.com

1 day ago

Drift Protocol Hack 2026: What Happened, Who Lost Money, and What's Next

A Solana-based perpetual futures exchange lost $286 million in 12 minutes due to a sophisticated attack involving fake collateral and social engineering.

Information security

fromThe Hacker News

1 day ago

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Drift decentralized exchange lost $285 million due to a sophisticated attack involving unauthorized access and social engineering.

more#solana

fromNist

2 weeks ago

NVD

Prior to version 3.20.0, using RpcServer.toWebHandler or HttpApp.toWebHandlerRuntime in a Next.js App Router could lead to race conditions, allowing concurrent requests to read incorrect context.

Axios NPM Package Breached in North Korean Supply Chain Attack

Malicious Axios NPM library versions were distributed in a supply chain attack by North Korean hackers, affecting millions of users.

Node JS

fromThe Hacker News

4 days ago

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios experienced a supply chain attack due to malicious dependencies in two npm package versions.

Information security

fromSiliconANGLE

4 days ago

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Axios HTTP client library was hacked to distribute malware via a compromised npm account, affecting multiple operating systems.

Node JS

fromSecurityWeek

3 days ago

Axios NPM Package Breached in North Korean Supply Chain Attack

Malicious Axios NPM library versions were distributed in a supply chain attack by North Korean hackers, affecting millions of users.

Node JS

fromThe Hacker News

4 days ago

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Axios experienced a supply chain attack due to malicious dependencies in two npm package versions.

Information security

fromSiliconANGLE

4 days ago

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Axios HTTP client library was hacked to distribute malware via a compromised npm account, affecting multiple operating systems.

Critical ShareFile Flaws Lead to Unauthenticated RCE

Two critical vulnerabilities in ShareFile could allow unauthenticated remote code execution through improper access to configuration pages.

Information security

fromInfoQ

1 day ago

Open Source Security Tool Trivy Hit by Supply Chain Attack, Prompting Urgent Industry Response

A malicious release of the Trivy vulnerability scanner exposed critical weaknesses in software supply chain security, allowing for potential credential theft.

Information security

fromThe Hacker News

2 days ago

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation exploits the React2Shell vulnerability to steal sensitive data from compromised hosts across multiple regions.

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google has released a security update for Chrome due to multiple high-severity vulnerabilities, including an actively exploited use-after-free flaw.

fromSecurityWeek

3 days ago

Information security

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

Information security

fromTechRepublic

2 days ago

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google has released a security update for Chrome due to multiple high-severity vulnerabilities, including an actively exploited use-after-free flaw.

Information security

fromSecurityWeek

3 days ago

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

Google's Chrome 146 update addresses 21 vulnerabilities, including a zero-day exploit tracked as CVE-2026-5281.

Claude Code is still vulnerable to an attack Anthropic has already fixed

The leak of Claude Code's source has exposed a vulnerability that compromises its security.

Information security

fromSecurityWeek

2 days ago

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.

Information security

fromInfoWorld

1 day ago

Claude Code is still vulnerable to an attack Anthropic has already fixed

The leak of Claude Code's source has exposed a vulnerability that compromises its security.

Information security

fromSecurityWeek

2 days ago

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

Information security

fromThe Hacker News

1 day ago

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Threat actors exploit HTTP cookies for PHP web shells on Linux servers, enabling remote code execution with stealthy control mechanisms.

Information security

fromSecurityWeek

1 day ago

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Threat actor exploits Next.js vulnerabilities to exfiltrate credentials and compromise systems at scale, affecting over 766 systems and collecting more than 10,000 files.

Information security

fromTNW | Insights

7 hours ago

KeeperDB brings zero-trust database access to privileged access management

Database credentials are a major attack vector, and KeeperDB integrates access controls into its PAM platform to enhance security.

fromThe Hacker News

3 days ago

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation - Patch Released

"Use-after-free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page."

Information security

fromComputerworld

1 day ago

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

Information security

fromTechzine Global

1 day ago

Axios supply chain attack victim posts postmortem to prevent a repeat

Axios was compromised for three hours, distributing Remote Access Trojans due to a sophisticated social engineering attack by North Korean group UNC1069.

Information security

fromInfoWorld

1 day ago

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

Information security

fromInfoWorld

1 day ago

CERT-EU blames Trivy supply chain attack for Europa.eu data breach

TeamPCP exploited Trivy to access sensitive cloud credentials and data, creating significant vulnerabilities for organizations.

#malware

fromTheregister

2 days ago

Information security

Fake Claude Code source downloads actually delivered malware

fromSecurityWeek

2 days ago

Information security

Sophisticated CrystalX RAT Emerges

Information security

fromTechRepublic

3 days ago

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

fromBleepingComputer

5 days ago

Information security

New RoadK1ll WebSocket implant used to pivot on breached networks

Information security

fromTheregister

2 days ago

Fake Claude Code source downloads actually delivered malware

Leaked Claude Code source code led to malware downloads, including credential-stealing Vidar and proxy tool GhostSocks, via a malicious GitHub repository.

Information security

fromSecurityWeek

2 days ago

Sophisticated CrystalX RAT Emerges

CrystalX RAT is a new malware-as-a-service combining spyware, stealer, and remote access capabilities, promoted on Telegram and YouTube.

Information security

fromTechRepublic

3 days ago

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

Information security

fromBleepingComputer

5 days ago

New RoadK1ll WebSocket implant used to pivot on breached networks

RoadK1ll is a Node.js implant that enables attackers to pivot from a compromised host to other internal systems undetected.

Jamf warns of massive app insecurities

Mac and iOS users face significant security threats, with many devices vulnerable to attacks and outdated systems.

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

Information security

fromTheregister

2 days ago

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

Information security

fromInfoQ

4 days ago

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.

Information security

fromSecurityWeek

2 days ago

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

Information security

fromTheregister

2 days ago

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

Information security

fromInfoQ

4 days ago

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.

more#supply-chain-attack

Information security

fromSecurityWeek

4 days ago

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.

Information security

fromTheregister

2 days ago

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

Information security

fromTechzine Global

2 days ago

Blind trust in hardware vendors is always a bad idea

Attackers are increasingly targeting hardware and firmware vulnerabilities as traditional security tools focus primarily on software layers.

I knew about North Korean hackers-they still tricked me and got into my computer | Fortune

North Korean hackers are increasingly targeting individuals in the crypto industry, employing sophisticated deception tactics.

Information security

fromwww.cybersecuritydive.com

3 days ago

Axios open-source library targeted in sophisticated supply chain attack

A North Korean threat actor compromised the axios library, introducing a malicious dependency that deploys a backdoor across multiple operating systems.

Information security

fromFortune

2 days ago

I knew about North Korean hackers-they still tricked me and got into my computer | Fortune

North Korean hackers are increasingly targeting individuals in the crypto industry, employing sophisticated deception tactics.

Information security

fromwww.cybersecuritydive.com

3 days ago

Axios open-source library targeted in sophisticated supply chain attack

A North Korean threat actor compromised the axios library, introducing a malicious dependency that deploys a backdoor across multiple operating systems.

HPE sees the network as a security sensor: what does that mean?

HPE Networking views the network as a critical security sensor and enforcement point, especially after acquiring Juniper Networks.

Citrix NetScaler bug may be multiple flaws in one

In-the-wild exploitation of a critical Citrix NetScaler bug has begun, with attackers actively targeting vulnerable systems within days of its disclosure.

Information security

fromSecurityWeek

5 days ago

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

Exploitation of a critical Citrix NetScaler vulnerability began shortly after its public disclosure, with active attempts detected within days.

Information security

fromThe Hacker News

1 week ago

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

A critical security flaw in Citrix NetScaler ADC and Gateway requires immediate patching to prevent exploitation.

Information security

fromSecurityWeek

1 week ago

Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn

Citrix released critical patches for vulnerabilities in NetScaler ADC and Gateway, addressing memory leaks and session mixup issues.

Information security

fromThe Hacker News

1 week ago

Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks

Citrix released security updates for critical vulnerabilities in NetScaler ADC and Gateway that could leak sensitive data.

Information security

fromTheregister

5 days ago

Citrix NetScaler bug may be multiple flaws in one

In-the-wild exploitation of a critical Citrix NetScaler bug has begun, with attackers actively targeting vulnerable systems within days of its disclosure.

Information security

fromSecurityWeek

5 days ago

Exploitation of Fresh Citrix NetScaler Vulnerability Begins

Exploitation of a critical Citrix NetScaler vulnerability began shortly after its public disclosure, with active attempts detected within days.

Information security

fromThe Hacker News

1 week ago

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

A critical security flaw in Citrix NetScaler ADC and Gateway requires immediate patching to prevent exploitation.

Information security

fromSecurityWeek

1 week ago

Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn

Citrix released critical patches for vulnerabilities in NetScaler ADC and Gateway, addressing memory leaks and session mixup issues.

Information security

fromThe Hacker News

1 week ago

Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks

Citrix released security updates for critical vulnerabilities in NetScaler ADC and Gateway that could leak sensitive data.

more#citrix

Information security

fromComputerWeekly.com

4 days ago

Banning routers won't fix what's already broken | Computer Weekly

The FCC's ban on foreign-made routers addresses future procurement, not current security risks, as routers are already vulnerable and widely deployed.

Information security

fromSecurityWeek

4 days ago

CrewAI Vulnerabilities Expose Devices to Hacking

Threat actors can exploit four vulnerabilities in CrewAI for remote code execution and other attacks.

Information security

fromSecurityWeek

4 days ago

StrongSwan Flaw Allows Unauthenticated Attackers to Crash VPNs

A high-severity vulnerability in StrongSwan's EAP-TTLS AVP parser can be exploited remotely to crash VPN services.

Information security

fromSecurityWeek

4 days ago

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

Information security

fromInfoQ

4 days ago

Cloudflare Adds Active API Vulnerability Scanning to Its Edge

Cloudflare's Web and API Vulnerability Scanner focuses on detecting Broken Object Level Authorization vulnerabilities in APIs.

Information security

fromThe Hacker News

4 days ago

TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks

A high-severity vulnerability in TrueConf software has been exploited, allowing attackers to execute arbitrary code via tampered updates.

Information security

fromSecurityWeek

1 week ago

BIND Updates Patch High-Severity Vulnerabilities

ISC released BIND 9 updates to fix four vulnerabilities, including two high-severity bugs that can lead to memory leaks and high CPU consumption.

fromTechRepublic

1 week ago

Information security

TP-Link Fixes Bug That Lets Hackers Take Over Routers Without a Password

TP-Link patched critical vulnerabilities in Archer NX routers that allowed unauthorized firmware installation and network manipulation.

Oracle releases emergency patch for serious vulnerability

A critical vulnerability in Oracle Identity Manager and Oracle Web Services Manager allows remote code execution without authentication, posing severe risks.

Information security

fromSecurityWeek

1 week ago

Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability

Oracle issued critical patches for vulnerabilities in Identity Manager and Web Services Manager, allowing remote code execution by unauthenticated attackers.

Information security

fromTechzine Global

1 week ago

Oracle releases emergency patch for serious vulnerability

A critical vulnerability in Oracle Identity Manager and Oracle Web Services Manager allows remote code execution without authentication, posing severe risks.

Information security

fromSecurityWeek

1 week ago

Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability

Oracle issued critical patches for vulnerabilities in Identity Manager and Web Services Manager, allowing remote code execution by unauthenticated attackers.

Lightning-fast exploits mean patch fast, says Cisco Talos

Strengthening MFA policies and enhancing anti-phishing training are critical as attackers exploit vulnerabilities rapidly and effectively.

Information security

fromSecurityWeek

2 weeks ago

Cisco Firewall Vulnerability Exploited as Zero-Day in Interlock Ransomware Attacks

Cisco firewall vulnerability CVE-2026-20131 was exploited as a zero-day by Interlock cybercrime group since January 26, before the March 4 patch announcement.

Information security

fromComputerworld

3 weeks ago

For March, Patch Tuesday delivers fixes for 83 vulnerabilities

Microsoft's March Patch Tuesday addresses 83 vulnerabilities including two zero-day exploits in SQL Server and .NET, while introducing Common Log File System hardening with signature verification.

Information security

fromZero Day Initiative

3 weeks ago

Zero Day Initiative - The March 2026 Security Update Review

Adobe released eight bulletins in March 2026 addressing 80 CVEs across multiple products, with critical patches for Acrobat Reader, Substance 3D Stager, and Premiere Pro focusing on arbitrary code execution vulnerabilities.

Information security

fromThe Hacker News

3 weeks ago

The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction

Teams must reduce unnecessary internet-facing exposure to minimize vulnerability exploitation risk, as time-to-exploit windows are shrinking to hours or minutes.

fromTheregister

1 month ago

CISA gives feds 3 days to patch actively exploited Dell bug

Uncle Sam's cyber defenders have given federal agencies just three days to patch a maximum-severity Dell bug that's been under active exploitation since at least mid-2024. CISA this week added the flaw, tracked as CVE-2026-22769, to its Known Exploited Vulnerabilities catalog, ordering civilian agencies to secure affected systems by February 21 - giving them just three days to get fixes in place.

Information security

fromTheregister

2 months ago

Cisco finally fixes max-severity bug under attack for weeks

Cisco released updates fixing a maximum-severity AsyncOS vulnerability (CVE-2025-20393) exploited for root access and persistence on SEG and SEWM appliances.

Information security

fromSecurityWeek

1 month ago

BeyondTrust Patches Critical RCE Vulnerability

Critical unauthenticated RCE (CVE-2026-1731, CVSS 9.9) affects BeyondTrust RS and PRA; patches are available and many internet-accessible on-prem deployments are likely exposed.

#cve-2026-20045

fromThe Hacker News

2 months ago

Information security

Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex

fromTheregister

2 months ago

Information security

Cisco plugs up Unified Comms zero-day under active exploit

fromThe Hacker News

2 months ago

Information security

Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex

fromTheregister

2 months ago

Information security

Cisco plugs up Unified Comms zero-day under active exploit

High-Severity Remote Code Execution Vulnerability Patched in OpenSSL

OpenSSL patched twelve vulnerabilities including a high-severity stack buffer overflow (CVE-2025-15467) that can cause DoS or remote code execution.

Information security

fromTheregister

2 months ago

Vulnerability exploits now dominate intrusions

Exploit of disclosed vulnerabilities now causes most intrusions, with attackers weaponizing new flaws within hours while many organizations patch slowly.

Information security

fromThe Hacker News

2 months ago

Microsoft Fixes 114 Windows Flaws in January 2026 Patch, One Actively Exploited

Microsoft released January 2026 security updates addressing 114 vulnerabilities, including an actively exploited Desktop Window Manager information-disclosure flaw CVE-2026-20805.

[ Load more ]

#cve-2025-40778#cve-2025-40778

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco Patches Multiple Vulnerabilities in IOS Software

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco Patches Multiple Vulnerabilities in IOS Software

Understanding the risks of OpenClaw

OpenClaw gives users yet another reason to be freaked out about security

Understanding the risks of OpenClaw

OpenClaw gives users yet another reason to be freaked out about security

Human Error, Not Hacking, Cited as Top Cause for Crypto Access Loss

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

L.A. Metro confirms it was hacked. Weeks later, it's still getting systems back online

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

European Commission breached after hackers poisoned open-source security tool Trivy

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

L.A. Metro confirms it was hacked. Weeks later, it's still getting systems back online

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

European Commission breached after hackers poisoned open-source security tool Trivy

Are We Ready for the Next Cyber Security Crisis Like Log4shell?

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

Internet Bug Bounty program hits pause on payouts

The State of Trusted Open Source Report

Internet Bug Bounty program hits pause on payouts

The State of Trusted Open Source Report

Axios npm Package Compromised in Supply Chain Attack

Top npm package backdoored to drop dirty RAT on dev machines

Hackers compromise Axios npm package to drop cross-platform malware

Axios npm Package Compromised in Supply Chain Attack

Top npm package backdoored to drop dirty RAT on dev machines

Hackers compromise Axios npm package to drop cross-platform malware

New Rowhammer attacks give complete control of machines running Nvidia GPUs

Apple Issues Rare Patch: Up to 270M iPhones Could Be Vulnerable to 'DarkSword' Exploit

Still running iOS 18? Install this critical update ASAP

Apple Issues Rare Patch: Up to 270M iPhones Could Be Vulnerable to 'DarkSword' Exploit

Still running iOS 18? Install this critical update ASAP

Microsoft plans another out-of-band Windows fix

Some 'broken by update' PCs were already doomed

Emergency Microsoft, Oracle patches point to wider cyber issues | Computer Weekly

Microsoft plans another out-of-band Windows fix

Some 'broken by update' PCs were already doomed

Emergency Microsoft, Oracle patches point to wider cyber issues | Computer Weekly

Drift Protocol Hack 2026: What Happened, Who Lost Money, and What's Next

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Drift Protocol Hack 2026: What Happened, Who Lost Money, and What's Next

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

NVD

Axios NPM Package Breached in North Korean Supply Chain Attack

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Axios NPM Package Breached in North Korean Supply Chain Attack

Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Critical ShareFile Flaws Lead to Unauthenticated RCE

Open Source Security Tool Trivy Hit by Supply Chain Attack, Prompting Urgent Industry Response

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome

Claude Code is still vulnerable to an attack Anthropic has already fixed

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Claude Code is still vulnerable to an attack Anthropic has already fixed

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Mobile Attack Surface Expands as Enterprises Lose Control

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

KeeperDB brings zero-trust database access to privileged access management

New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation - Patch Released

A core infrastructure engineer pleads guilty to federal charges in insider attack

Axios supply chain attack victim posts postmortem to prevent a repeat

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

CERT-EU blames Trivy supply chain attack for Europa.eu data breach

Fake Claude Code source downloads actually delivered malware

Sophisticated CrystalX RAT Emerges

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

New RoadK1ll WebSocket implant used to pivot on breached networks

#cve-2025-40778
#cve-2025-40778