Two vulnerabilities patched this month by Microsoft were disclosed publicly before fixes were released.
The post Microsoft Patches Exploited Windows Zero-Day, 111 Other Vulnerabilities appeared first on SecurityWeek.
Critical HPE OneView Vulnerability Exploited in Attacks
The maximum-severity code injection flaw can be exploited without authentication for remote code execution.
The post Critical HPE OneView Vulnerability Exploited in Attacks appeared first on SecurityWeek.
Hackers Exploit Zero-Day in Discontinued D-Link Devices
The critical-severity vulnerability allows unauthenticated, remote attackers to execute arbitrary shell commands.
The post Hackers Exploit Zero-Day in Discontinued D-Link Devices appeared first on SecurityWeek.
RondoDox Botnet Exploiting React2Shell Vulnerability
In December, the botnet’s operators focused on weaponizing the flaw to compromise vulnerable Next.js servers.
The post RondoDox Botnet Exploiting React2Shell Vulnerability appeared first on SecurityWeek.
Adobe ColdFusion Servers Targeted in Coordinated Campaign
GreyNoise has observed thousands of requests targeting a dozen vulnerabilities in Adobe ColdFusion during the Christmas 2025 holiday.
The post Adobe ColdFusion Servers Targeted in Coordinated Campaign appeared first on SecurityWeek.
Fortinet Warns of New Attacks Exploiting Old Vulnerability
Tracked as CVE-2020-12812, the exploited FortiOS flaw allows threat actors to bypass two-factor authentication.
The post Fortinet Warns of New Attacks Exploiting Old Vulnerability appeared first on SecurityWeek.
Fresh MongoDB Vulnerability Exploited in Attacks
Dubbed MongoBleed, the high-severity flaw allows unauthenticated, remote attackers to leak sensitive information from MongoDB servers.
The post Fresh MongoDB Vulnerability Exploited in Attacks appeared first on SecurityWeek.
WatchGuard Patches Firebox Zero-Day Exploited in the Wild
The critical-severity bug in the Fireware OS’s iked process leads to unauthenticated remote code execution.
The post WatchGuard Patches Firebox Zero-Day Exploited in the Wild appeared first on SecurityWeek.
CISA Warns of Exploited Flaw in Asus Update Tool
Tracked as CVE-2025-59374, the issue is a software backdoor implanted in Asus Live Update in a supply chain attack.
The post CISA Warns of Exploited Flaw in Asus Update Tool appeared first on SecurityWeek.
SonicWall Patches Exploited SMA 1000 Zero-Day
The medium-severity flaw has been exploited in combination with a critical bug for remote code execution.
The post SonicWall Patches Exploited SMA 1000 Zero-Day appeared first on SecurityWeek.
