In-the-wild exploitation has been ongoing for a year, but no successful payload execution has been observed.
The post Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers appeared first on SecurityWeek.
Recent Apache ActiveMQ Vulnerability Exploited in the Wild
The remote code execution vulnerability tracked as CVE-2026-34197 came to light in early April.
The post Recent Apache ActiveMQ Vulnerability Exploited in the Wild appeared first on SecurityWeek.
Exploited Vulnerability Exposes Nginx Servers to Hacking
Hackers are exploiting CVE-2026-33032, a critical remote takeover vulnerability in the Nginx UI management tool.
The post Exploited Vulnerability Exposes Nginx Servers to Hacking appeared first on SecurityWeek.
Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities
Experts say this is the second-largest Microsoft Patch Tuesday ever based on CVE count.
The post Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities appeared first on SecurityWeek.
Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities
The security defects allow attackers to escalate privileges and execute arbitrary code remotely.
The post Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities appeared first on SecurityWeek.
Adobe Patches Reader Zero-Day Exploited for Months
The vulnerability is tracked as CVE-2026-34621 and Adobe has confirmed that it can be exploited for arbitrary code execution.
The post Adobe Patches Reader Zero-Day Exploited for Months appeared first on SecurityWeek.
Critical Marimo Flaw Exploited Hours After Public Disclosure
Within nine hours, a hacker built an exploit from the unauthenticated bug’s advisory and started using it in the wild.
The post Critical Marimo Flaw Exploited Hours After Public Disclosure appeared first on SecurityWeek.
Adobe Reader Zero-Day Exploited for Months: Researcher
Reputable researcher Haifei Li has come across what appears to be a PDF designed to exploit an unpatched vulnerability.
The post Adobe Reader Zero-Day Exploited for Months: Researcher appeared first on SecurityWeek.
Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover
The vulnerability allows hackers to upload arbitrary files to a site’s server and achieve remote code execution.
The post Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover appeared first on SecurityWeek.
Critical Flowise Vulnerability in Attacker Crosshairs
The improper validation of user-supplied JavaScript code allows attackers to execute arbitrary code and access the file system.
The post Critical Flowise Vulnerability in Attacker Crosshairs appeared first on SecurityWeek.
