Topic: internet exposure

  • CISA Mandates Federal Patch for Actively Exploited MongoBleed Flaw

    A critical vulnerability in MongoDB, tracked as CVE-2025-14847 and dubbed MongoBleed, is being actively exploited to remotely steal sensitive data like credentials and logs from unpatched servers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to pa...

  • Microsoft Silent as Hackers Exploit WSUS Server Bug

    A critical Windows Server Update Services (WSUS) vulnerability (CVE-2025-59287) is being actively exploited, allowing attackers to execute arbitrary code and take full control of affected systems. Microsoft issued an emergency patch after an initial fix failed, but security researchers have alrea...

  • Fortra Issues Critical Alert for GoAnywhere MFT Vulnerability

    Fortra has issued an urgent alert for a critical vulnerability (CVE-2025-10035) in GoAnywhere MFT software, allowing remote command injection due to unsafe data deserialization. The vulnerability can be exploited without user interaction, particularly affecting internet-exposed Admin Consoles, an...

  • Fortra GoAnywhere MFT Zero-Day Actively Exploited

    A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT was exploited for over a week before a patch was released on September 18, 2025, allowing attackers to achieve remote code execution. The flaw, a deserialization vulnerability with a CVSS score of 10.0, enabled threat actors to ...

  • Pro-Russia Hackers Target Water Utility in Honeypot Sting

    A Russia-aligned hacktivist group called TwoNet was tricked into attacking a decoy water treatment facility, revealing their shift from website disruptions to targeting industrial infrastructure. The group used default credentials to access the system, performed disruptive actions like deleting c...

  • Urgent Redis Update Fixes Critical RCE Vulnerability

    A critical use-after-free vulnerability (CVE-2025-49844) in Redis's Lua scripting allows authenticated attackers to execute arbitrary code on the host server, affecting versions 8.2.1 and earlier. The flaw is exacerbated by default configurations in Redis container images that disable authenticat...

  • CISA Alerts: Old GitLab Bug Actively Exploited in Attacks

    A critical, years-old GitLab vulnerability (CVE-2021-39935) is now being actively exploited, prompting urgent warnings from U.S. cybersecurity authorities. CISA has mandated federal agencies to patch this flaw within three weeks and strongly recommends all organizations do the same, as it allows ...

  • Cisco Customers Vulnerable to New Chinese Hacking Campaign

    A Chinese state-sponsored hacking campaign is exploiting a critical zero-day vulnerability (CVE-2025-20393) in Cisco's Secure Email Gateway and Web Manager software, primarily targeting systems in India, Thailand, and the United States. The attack surface is limited to hundreds of systems, as exp...

  • Ivanti warns of critical code execution flaw in Endpoint Manager

    A critical vulnerability (CVE-2025-10573) in Ivanti's Endpoint Manager allows unauthenticated attackers to execute arbitrary code by tricking an administrator into viewing a compromised dashboard. Ivanti has released a patch, but the risk is heightened as hundreds of EPM instances are exposed onl...

  • Active Attacks Exploit Critical WSUS Flaw in Windows Server

    Actively exploited critical vulnerabilities (CVE-2025-59287) in Windows Server Update Services (WSUS) allow remote code execution and system takeover, requiring immediate emergency patching. Microsoft has released out-of-band security updates for all affected Windows Server versions and recommend...

  • SonicWall SMA1000 Zero-Day Exploited in Active Attacks

    SonicWall has issued an urgent alert for SMA1000 appliance users to apply a critical update, as active attacks exploit a new medium-severity local privilege escalation flaw (CVE-2025-40602) chained with a previously patched critical bug to achieve remote code execution with root privileges. The v...

  • Millions of Cisco Devices Hit by Active 0-Day Attack

    A critical vulnerability (CVE-2025-20352) affects approximately two million Cisco devices, allowing attackers to crash systems or execute malicious code with the highest privileges. The flaw is a stack overflow bug in the SNMP processing component and is being actively exploited, prompting Cisco ...
