Threat actors have exploited a zero-day vulnerability in Craft CMS to execute PHP code on hundreds of websites.
The post Craft CMS Zero-Day Exploited to Compromise Hundreds of Websites appeared first on SecurityWeek.
SAP Zero-Day Possibly Exploited by Initial Access Broker
A zero-day vulnerability in SAP NetWeaver potentially affects more than 10,000 internet-facing applications.
The post SAP Zero-Day Possibly Exploited by Initial Access Broker appeared first on SecurityWeek.
Fresh Windows NTLM Vulnerability Exploited in Attacks
A Windows NTLM vulnerability patched in March has been exploited in attacks targeting government and private institutions.
The post Fresh Windows NTLM Vulnerability Exploited in Attacks appeared first on SecurityWeek.
SonicWall Flags Old Vulnerability as Actively Exploited
A SonicWall SMA 100 series vulnerability patched in 2021, which went unnoticed at the time of patching, is being exploited in the wild.
The post SonicWall Flags Old Vulnerability as Actively Exploited appeared first on SecurityWeek.
Vulnerability in OttoKit WordPress Plugin Exploited in the Wild
A vulnerability in the OttoKit WordPress plugin with over 100,000 active installations has been exploited in the wild.
The post Vulnerability in OttoKit WordPress Plugin Exploited in the Wild appeared first on SecurityWeek.
Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia
Firefox developers have determined that their browser is affected by a vulnerability similar to the recent Chrome sandbox escape zero-day.
The post Firefox Affected by Flaw Similar to Chrome Zero-Day Exploited in Russia appeared first on SecurityWeek.
Critical Next.js Vulnerability in Hacker Crosshairs
Threat actors have started probing servers impacted by a critical-severity vulnerability in the web application development framework Next.js.
The post Critical Next.js Vulnerability in Hacker Crosshairs appeared first on SecurityWeek.
Vulnerability Exploitation Possibly Behind Widespread DrayTek Router Reboots
DrayTek routers around the world are rebooting and the vendor’s statement suggests that it may involve the exploitation of a vulnerability.
The post Vulnerability Exploitation Possibly Behind Widespread DrayTek Router Reboots appeared first on SecurityWeek.
CISA Warns of Exploited Nakivo Vulnerability
CISA has added an absolute path traversal bug in Nakivo Backup and Replication to its Known Exploited Vulnerabilities list.
The post CISA Warns of Exploited Nakivo Vulnerability appeared first on SecurityWeek.
Hackers Target Cisco Smart Licensing Utility Vulnerabilities
SANS is seeing attempts to exploit two critical Cisco Smart Licensing Utility vulnerabilities tracked as CVE-2024-20439 and CVE-2024-20440.
The post Hackers Target Cisco Smart Licensing Utility Vulnerabilities appeared first on SecurityWeek.