vulnerability
CISA tags NAKIVO backup flaw as actively exploited in attacks
CISA has warned U.S. federal agencies to secure their networks against attacks exploiting a high-severity vulnerability in NAKIVO’s Backup & Replication software. Tracked as CVE-2024-48248, this absolute path traversal flaw can be exploited by unauthenticated attackers to read arbitrary files on vulnerable devices. The US-based backup and ransomware recovery software vendor silently patched the security flaw […]
Popular WordPress security plugin WP Ghost vulnerable to RCE bug
Popular WordPress security plugin WP Ghost is vulnerable to a critical severity flaw that could allow unauthenticated attackers to remotely execute code and hijack servers. WP Ghost is a popular security add-on used in over 200,000 WordPress sites that claims to stop 140,000 hacker attacks and over 9 million brute-forcing attempts every month. It also […]
New Windows zero-day exploited by 11 state hacking groups since 2017
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017. However, as security researchers Peter Girnus and Aliakbar Zahravi with Trend Micro’s Zero Day Initiative (ZDI) reported today, Microsoft tagged it as “not meeting the […]
Critical RCE flaw in Apache Tomcat actively exploited in attacks
A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request. Hackers are reportedly leveraging proof-of-concept (PoC) exploits that were published on GitHub just 30 hours after the flaw was disclosed last week. The malicious activity […]
Cisco IOS XR vulnerability lets attackers crash BGP on routers
Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message. IOS XR runs on the company’s carrier-grade, Network Convergence System (NCS), and Carrier Routing System (CRS) series of routers, such as the ASR 9000, NCS 5500, and 8000 series. This high-severity flaw (tracked […]
GitLab patches critical authentication bypass vulnerabilities
GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, among which two critical severity ruby-saml library authentication bypass flaws. All flaws were addressed in GitLab CE/EE versions 17.7.7, 17.8.5, and 17.9.2, while all versions before those are vulnerable. GitLab.com is already patched, and GitLab Dedicated customers will be updated […]
Facebook discloses FreeType 2 flaw exploited in attacks
Facebook is warning that a FreeType vulnerability in all versions up to 2.13 can lead to arbitrary code execution, with reports that the flaw has been exploited in attacks. FreeType is a popular open-source font rendering library used to display text and programmatically add text to images. It provides functionality to load, rasterize, and render […]
Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws
Today is Microsoft’s March 2025 Patch Tuesday, which includes security updates for 57 flaws, including six actively exploited zero-day vulnerabilities. This Patch Tuesday also fixes three “Critical” vulnerabilities, all remote code execution vulnerabilities. The number of bugs in each vulnerability category is listed below: The above numbers do not include Mariner flaws and 10 Microsoft Edge vulnerabilities […]
Critical PHP RCE vulnerability mass exploited in new attacks
Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. Tracked as CVE-2024-4577, this PHP-CGI argument injection flaw was patched in June 2024 and affects Windows PHP installations with PHP running in CGI mode. Successful exploitation enables unauthenticated attackers to execute arbitrary code and leads to […]
Unpatched Edimax IP camera flaw actively exploited in botnet attacks
A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices. The flaw was discovered by Akamai researchers, who confirmed to GeekFeed that the flaw is exploited in attacks that are still ongoing. Akamai researcher Kyle Lefton told GeekFeed that they will provide more technical […]