Topic: active exploitation

Sort by: Relevance | Date
  • Cisco ASA Firewalls Under Active Attack from Zero-Day Exploits
    September 28, 2025

    Cisco ASA Firewalls Under Active Attack from Zero-Day Exploits

    Cisco has issued an urgent alert to patch two actively exploited zero-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) affecting its ASA and FTD software. The company, aided by international cybersecurity agencies, also addressed a third critical flaw (CVE-2025-20363) but has not linked it...

    Read More »
  • CISA Warns of Active Dassault RCE Exploit—Patch Now
    September 13, 2025

    CISA Warns of Active Dassault RCE Exploit—Patch Now

    A critical remote code execution vulnerability (CVE-2025-5086) is being actively exploited in Dassault Systèmes' DELMIA Apriso software, affecting versions from 2020 to 2025. The flaw, caused by unsafe deserialization, allows attackers to execute arbitrary code via malicious SOAP requests, with e...

    Read More »
  • SAP Issues Critical Security Alert for Multiple Products
    September 10, 2025

    SAP Issues Critical Security Alert for Multiple Products

    SAP has issued a critical security alert for multiple vulnerabilities, including one with the highest severity score, as threat actors actively exploit a separate high-severity flaw. The most severe vulnerability, CVE-2025-42944 with a CVSS score of 10.0, affects the NetWeaver platform and allows...

    Read More »
  • SAP S/4HANA Vulnerability Actively Exploited in Attacks
    September 6, 2025

    SAP S/4HANA Vulnerability Actively Exploited in Attacks

    A critical vulnerability (CVE-2025-42957) in SAP S/4HANA allows attackers to execute unauthorized code and gain administrative control. Despite a patch being available since August 2025, many systems remain unpatched, leading to active exploitation in the wild. Successful attacks can result in se...

    Read More »
  • Active Exploits Target Trend Micro Apex One Flaws (CVE-2025-54948, CVE-2025-54987)
    August 7, 2025

    Active Exploits Target Trend Micro Apex One Flaws (CVE-2025-54948, CVE-2025-54987)

    Security teams are alert as attackers exploit unpatched vulnerabilities (CVE-2025-54948 and CVE-2025-54987) in Trend Micro's Apex One, risking remote code execution until a mid-August 2025 patch. Trend Micro released an interim mitigation tool for on-premise versions, disabling the vulnerable Rem...

    Read More »
  • Cisco ISE critical flaws actively exploited by hackers
    July 24, 2025

    Cisco ISE critical flaws actively exploited by hackers

    Cisco has warned of active exploitation targeting critical vulnerabilities in its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC), confirming real-world attacks. Three flaws (CVE-2025-20281, CVE-2025-20337, CVE-2025-20282) allow remote root-level access, arbitrary code exe...

    Read More »
  • Patch Alert: CitrixBleed 2 Still a Threat (CVE-2025-5777)
    July 10, 2025

    Patch Alert: CitrixBleed 2 Still a Threat (CVE-2025-5777)

    A critical vulnerability (CVE-2025-5777) in Citrix NetScaler systems is being exploited, enabling session hijacking and unauthorized access despite Citrix's denial of confirmed attacks. The flaw allows attackers to extract session tokens via manipulated login requests, potentially compromising ad...

    Read More »
  • 1,200+ Citrix servers vulnerable to critical auth bypass flaw
    July 1, 2025

    1,200+ Citrix servers vulnerable to critical auth bypass flaw

    Over 1,200 Citrix NetScaler systems remain vulnerable to CVE-2025-5777, a severe authentication bypass flaw enabling session hijacking and MFA bypass, with potential active exploitation despite Citrix's denial. The flaw, dubbed "Citrix Bleed 2," allows attackers to steal session tokens and creden...

    Read More »
  • CitrixBleed 2 Vulnerability Actively Exploited
    June 28, 2025

    CitrixBleed 2 Vulnerability Actively Exploited

    A critical vulnerability in Citrix NetScaler systems (CVE-2025-5777, CVSS 9.3), dubbed CitrixBleed 2, allows attackers to bypass authentication and compromise user sessions, similar to the 2023 CitrixBleed exploit. Attackers are actively exploiting the flaw, using tactics like MFA bypass, session...

    Read More »
  • Critical Server Vulnerability Actively Exploited - Patch Now!
    June 27, 2025

    Critical Server Vulnerability Actively Exploited - Patch Now!

    A critical 10/10 severity vulnerability in AMI MegaRAC firmware (CVE-2024-54085) allows attackers to bypass authentication and gain full server control via BMCs, putting thousands of systems at risk. Exploits are now active in the wild, enabling attackers to pivot across networks, comprom...

    Read More »
  • Roundcube RCE Flaw (CVE-2025-49113) Sparks Dark Web Attack Fears
    June 10, 2025

    Roundcube RCE Flaw (CVE-2025-49113) Sparks Dark Web Attack Fears

    A critical vulnerability (CVE-2025-49113) in Roundcube webmail allows attackers to execute malicious code, putting thousands of unpatched servers at risk, with exploit code already circulating. Around 84,000 exposed Roundcube installations, primarily in Europe, Asia, and North America, include hi...

    Read More »

Related Topics

remote code execution (4) authentication bypass (3) security patching urgency (2) cve-2025-5777 (2) cve identifiers (2) session hijacking (2) deserialization vulnerability (2) cve-2025-6543 (2)