Topic: cisa known exploited vulnerabilities catalog

  • Critical SAP NetWeaver Exploit Now Publicly Available

    A critical vulnerability (CVE-2025-31324) in SAP NetWeaver AS Java is actively exploited, allowing unauthenticated attackers to execute remote code via the metadata uploader. The exploit's simplicity and public source code enable low-skilled hackers to quickly weaponize it, with real attacks alre...

  • Over 800 N-able Servers Exposed to Critical Unpatched Flaws

    Over 800 N-able N-central servers remain vulnerable to two actively exploited critical flaws, CVE-2025-8875 and CVE-2025-8876, allowing attackers to execute arbitrary commands. The vulnerabilities, involving improper input sanitization and insecure deserialization, have been patched in the N-cent...

  • Active Exploits Target MSP RMM Vulnerabilities (CVE-2025-8875, CVE-2025-8876)

    Critical security flaws (CVE-2025-8875 and CVE-2025-8876) in N-central's remote monitoring platform are being actively exploited, risking MSPs and their clients. The vulnerabilities, involving insecure deserialization and command injection, could grant attackers broad network access if exploited,...

  • Microsoft SharePoint Zero-Day Exploited in RCE Attacks - No Fix Yet

    Microsoft SharePoint is under active attack via zero-day vulnerabilities (CVE-2025-53770 and CVE-2025-53771), enabling remote code execution on on-premises servers, with at least 85 servers compromised globally. Microsoft recommends mitigations like enabling AMSI, deploying Defender AV, and rotat...

  • CISA Warns: AMI MegaRAC Bug Exploited in Server Hijacks

    CISA warns of active exploitation of a critical vulnerability (CVE-2024-54085) in AMI's MegaRAC BMC software, allowing attackers to bypass authentication and remotely control servers. Successful exploitation could lead to severe outcomes like malware deployment, ransomware attacks, or permanent h...

  • Trinper Backdoor Abused Chrome Zero-Day in Espionage Campaign

    Google Chrome’s CVE-2025-2783 zero-day was quietly exploited by the espionage group TaxOff to deploy Trinper, a modular backdoor used in highly targeted campaigns. Before the March patch rolled out, Trinper was already stealing clipboard data and establishing covert control in high-value systems. Our breakdown of the campaign reveals how browsers are becoming the new frontline for cyber intrusion.
