exploited

  • Blog
    digitpatrox1 day ago
    17

    CISA tags recently patched Chrome bug as actively exploited

    On Thursday, CISA warned U.S. federal agencies to secure their systems against ongoing attacks exploiting a high-severity vulnerability in the Chrome web browser. Solidlab security researcher Vsevolod Kokorin discovered the flaw (CVE-2025-4664) and shared technical details online on May 5th. Google released security updates to patch it on Wednesday. As Kokorin explained, the vulnerability is due to insufficient policy enforcement in Google Chrome’s…

    Read More »
  • Blog
    digitpatrox6 days ago
    24

    SAP patches second zero-day flaw exploited in recent attacks

    SAP has released patches to address a second vulnerability exploited in recent attacks targeting SAP NetWeaver servers as a zero-day. The company issued security updates for this security flaw (CVE-2025-42999) on Monday, May 12, saying it was discovered while investigating zero-day attacks involving another unauthenticated file upload flaw (tracked as CVE-2025-31324) in SAP NetWeaver Visual Composer that was fixed in…

    Read More »
  • Blog
    digitpatrox6 days ago
    35

    Output Messenger flaw exploited as zero-day in espionage attacks

    A Türkiye-backed cyberespionage group exploited a zero-day vulnerability to attack Output Messenger users linked to the Kurdish military in Iraq. Microsoft Threat Intelligence analysts who spotted these attacks also discovered the security flaw (CVE-2025-27920) in the LAN messaging application, a directory traversal vulnerability that can let authenticated attackers access sensitive files outside the intended directory or deploy malicious payloads on…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    41

    Play ransomware exploited Windows logging flaw in zero-day attacks

    The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems. The vulnerability, tracked as CVE-2025-29824, was tagged by Microsoft as exploited in a limited number of attacks and patched during last month’s Patch Tuesday. “The targets include organizations in the information technology (IT) and…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    34

    Critical Langflow RCE flaw exploited to hack AI app servers

    The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and mitigations as soon as possible. The vulnerability is tracked as CVE-2025-3248 and is a critical unauthenticated RCE flaw that allows any attacker on the internet to take full control of vulnerable Langflow servers by exploiting an…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    42

    Samsung MagicINFO 9 Server RCE flaw now exploited in attacks

    Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware. Samsung MagicINFO Server is a centralized content management system (CMS) used to remotely manage and control digital signage displays made by Samsung. It is used by retail stores, airports, hospitals, corporate buildings, and restaurants, where there’s a need…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    34

    SMA100 VPN vulnerabilities now exploited in attacks

    ​Cybersecurity company SonicWall has warned customers that several vulnerabilities impacting its Secure Mobile Access (SMA) appliances are now being actively exploited in attacks. On Tuesday, SonicWall updated security advisories for the CVE-2023-44221 and CVE-2024-38475 security flaws to tag the two vulnerabilities as “potentially being exploited in the wild.” CVE-2023-44221 is described as a high-severity command injection vulnerability caused by improper…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    40

    CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks

    The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients vulnerabilities that are actively exploited in attacks. The flaws were added yesterday to CISA’s ‘Known Exploited Vulnerabilities’ (KEV) catalog, with the Broadcom Brocade Fabric OS and Commvault flaws not previously tagged as exploited. Broadcom Brocade Fabric OS…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    32

    Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw

    Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers. SAP NetWeaver is an application server and development platform that runs and connects SAP and non-SAP applications across different technologies. Last week, SAP disclosed an unauthenticated file upload vulnerability, tracked as CVE-2025-31324, in SAP NetWeaver Visual Composer,…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    46

    SAP fixes suspected Netweaver zero-day exploited in attacks

    SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers. The vulnerability, tracked under CVE-2025-31324 and rated critical (CVSS v3 score: 10.0), is an unauthenticated file upload vulnerability in SAP NetWeaver Visual Composer, specifically the Metadata Uploader component. It allows attackers to upload malicious executable files without needing…

    Read More »
Load More
Back to top button
close