Topic: internet exposure
-
Microsoft Silent as Hackers Exploit WSUS Server Bug
A critical Windows Server Update Services (WSUS) vulnerability (CVE-2025-59287) is being actively exploited, allowing attackers to execute arbitrary code and take full control of affected systems. Microsoft issued an emergency patch after an initial fix failed, but security researchers have alrea...
Read More » -
Fortra Issues Critical Alert for GoAnywhere MFT Vulnerability
Fortra has issued an urgent alert for a critical vulnerability (CVE-2025-10035) in GoAnywhere MFT software, allowing remote command injection due to unsafe data deserialization. The vulnerability can be exploited without user interaction, particularly affecting internet-exposed Admin Consoles, an...
Read More » -
Fortra GoAnywhere MFT Zero-Day Actively Exploited
A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT was exploited for over a week before a patch was released on September 18, 2025, allowing attackers to achieve remote code execution. The flaw, a deserialization vulnerability with a CVSS score of 10.0, enabled threat actors to ...
Read More » -
Pro-Russia Hackers Target Water Utility in Honeypot Sting
A Russia-aligned hacktivist group called TwoNet was tricked into attacking a decoy water treatment facility, revealing their shift from website disruptions to targeting industrial infrastructure. The group used default credentials to access the system, performed disruptive actions like deleting c...
Read More » -
Urgent Redis Update Fixes Critical RCE Vulnerability
A critical use-after-free vulnerability (CVE-2025-49844) in Redis's Lua scripting allows authenticated attackers to execute arbitrary code on the host server, affecting versions 8.2.1 and earlier. The flaw is exacerbated by default configurations in Redis container images that disable authenticat...
Read More » -
Active Attacks Exploit Critical WSUS Flaw in Windows Server
Actively exploited critical vulnerabilities (CVE-2025-59287) in Windows Server Update Services (WSUS) allow remote code execution and system takeover, requiring immediate emergency patching. Microsoft has released out-of-band security updates for all affected Windows Server versions and recommend...
Read More » -
Millions of Cisco Devices Hit by Active 0-Day Attack
A critical vulnerability (CVE-2025-20352) affects approximately two million Cisco devices, allowing attackers to crash systems or execute malicious code with the highest privileges. The flaw is a stack overflow bug in the SNMP processing component and is being actively exploited, prompting Cisco ...
Read More »