Google has observed ViewState deserialization attacks leveraging a sample machine key exposed in older deployment guides.
The post Hackers Exploit Sitecore Zero-Day for Malware Delivery appeared first on SecurityWeek.
Two Exploited Vulnerabilities Patched in Android
Elevation of privilege flaws in Android Runtime (CVE-2025-48543) and Linux kernel (CVE-2025-38352) have been exploited in targeted attacks.
The post Two Exploited Vulnerabilities Patched in Android appeared first on SecurityWeek.
Organizations Warned of Exploited Git Vulnerability
CISA urges federal agencies to immediately patch an exploited arbitrary file write vulnerability in Git that leads to remote code execution.
The post Organizations Warned of Exploited Git Vulnerability appeared first on SecurityWeek.
Russian APT Exploiting 7-Year-Old Cisco Vulnerability: FBI
Russian state-sponsored hackers tracked as Static Tundra continue to target Cisco devices affected by CVE-2018-0171.
The post Russian APT Exploiting 7-Year-Old Cisco Vulnerability: FBI appeared first on SecurityWeek.
New Exploit Poses Threat to SAP NetWeaver Instances
A new public exploit chains two critical flaws in SAP NetWeaver, exposing unpatched instances to code execution attacks.
The post New Exploit Poses Threat to SAP NetWeaver Instances appeared first on SecurityWeek.
Hundreds of N-able N-central Instances Affected by Exploited Vulnerabilities
More than 870 N-able N-central instances have not been patched against CVE-2025-8875 and CVE-2025-8876, two exploited vulnerabilities.
The post Hundreds of N-able N-central Instances Affected by Exploited Vulnerabilities appeared first on SecurityWeek.
CISA Warns of Attacks Exploiting N-able Vulnerabilities
CISA reported becoming aware of attacks exploiting CVE-2025-8875 and CVE-2025-8876 in N-able N-central on the day they were patched.
The post CISA Warns of Attacks Exploiting N-able Vulnerabilities appeared first on SecurityWeek.
OT Networks Targeted in Widespread Exploitation of Erlang/OTP Vulnerability
The recently patched Erlang/OTP flaw CVE-2025-32433 has been exploited since early May, shortly after its existence came to light.
The post OT Networks Targeted in Widespread Exploitation of Erlang/OTP Vulnerability appeared first on SecurityWeek.
Russian Hackers Exploited WinRAR Zero-Day in Attacks on Europe, Canada
WinRAR has patched CVE-2025-8088, a zero-day exploited by Russia’s RomCom in attacks on financial, defense, manufacturing and logistics companies.
The post Russian Hackers Exploited WinRAR Zero-Day in Attacks on Europe, Canada appeared first on SecurityWeek.
SonicWall Says Recent Attacks Don’t Involve Zero-Day Vulnerability
SonicWall has been investigating reports about a zero-day potentially being exploited in ransomware attacks, but found no evidence of a new vulnerability.
The post SonicWall Says Recent Attacks Don’t Involve Zero-Day Vulnerability appeared first on SecurityWeek.
