vulnerable

  • Blog

    Apache Parquet exploit tool detects servers vulnerable to critical flaw

    A proof-of-concept exploit tool has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers. The tool was released by F5 Labs researchers who investigated the vulnerability after finding that multiple existing PoCs were either weak or completely non-functional. The tool serves as proof of CVE-2025-30065’s practical exploitability and can…

  • Blog

    Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw

    Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers. SAP NetWeaver is an application server and development platform that runs and connects SAP and non-SAP applications across different technologies. Last week, SAP disclosed an unauthenticated file upload vulnerability, tracked as CVE-2025-31324, in SAP NetWeaver Visual Composer,…

  • Blog

    Benchmarks Find ‘DeepSeek-V3-0324 Is More Vulnerable Than Qwen2.5-Max’

    With the latest stable release dated January 28, 2025, Qwen2.5-Max is classified as a Mixture-of-Experts (MoE) language model developed by Alibaba. Like other language models, Qwen2.5-Max is capable of generating text, understanding different languages, and performing advanced logic. According to recent benchmarks, it is also more secure than DeepSeek-V3-0324. Using Recon to scan for vulnerabilities A team of analysts with…

  • Blog

    Millions of RSA encryption keys could be vulnerable to attack

    Millions of RSA encryption keys contain major flaws, making them vulnerable to attack, according to new research. Analysis from Keyfactor found around 1 in 172 of all certificates found online are susceptible to compromise through a mathematical attack, equating to potentially millions of keys. The vulnerability mainly affects Internet of Things (IoT) devices, but is a risk for any system…

  • Blog

    94% of Wi-Fi networks are vulnerable to deauthentication attacks

    Research shows the vast majority of Wi-Fi networks are vulnerable to a popular type of denial-of-service (DoS) attack that is frequently deployed in larger cyber intrusion efforts. A new report from Nozomi Networks that analysed telemetry from hundreds of OT and IoT environments found 94% of Wi-Fi networks lacked the proper protections against deauthentication attacks. Deauthentication attacks are a form…

  • Blog

    Laravel admin package Voyager vulnerable to one-click RCE flaw

    Three vulnerabilities discovered in the open-source PHP package Voyager for managing Laravel applications could be used for remote code execution attacks. The issues remain unfixed and can be exploited against an authenticated Voyager user that clicks on a malicious link. Vulnerability researchers at SonarSource, a code quality and security company, say that they tried to report the flaws to the Voyager maintainers…

  • Blog

    Apple M-Series Chips Are Vulnerable to Side-Channel Attacks

    Security researchers from Georgia Institute of Technology and Ruhr University Bochum discovered two side-channel vulnerabilities in devices with Apple name-brand chips from 2021 or later that could expose sensitive information to attackers. Specifically, the vulnerabilities known as SLAP and FLOP skim credit card information, locations, and other personal data. Data can be gathered from sites like iCloud Calendar, Google Maps,…

  • Blog

    NAO warns that UK government doesn’t know how vulnerable its IT systems are

    The cyber threat to the UK government is ‘severe and advancing quickly’, the National Audit Office (NAO) has found. It said the government’s new cyber assurance scheme, GovAssure, independently assessed 58 critical departmental IT systems last year and found significant gaps in cyber resilience. Meanwhile, there are at least 228 legacy systems in use – and the government doesn’t know…

  • Blog

    Vulnerable Moxa devices expose industrial networks to attacks

    Industrial networking and communications provider Moxa is warning of a high-severity and a critical vulnerability that impact various models of its cellular routers, secure routers, and network security appliances. The two security issues allow remote attackers to get root privileges on vulnerable devices and to execute arbitrary commands, which could lead to arbitrary code execution. Risks on Moxa routers Moxa devices…

  • Blog

    Hunk Companion WordPress plugin exploited to install vulnerable plugins

    Hackers are exploiting a critical vulnerability in the “Hunk Companion” plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. By installing outdated plugins with known vulnerabilities with available exploits, the attackers can access a large pool of flaws that lead to remote code execution (RCE), SQL injection, cross-site scripting (XSS) flaws, or create backdoor admin…
