The Windows shortcut vulnerability has been seen in attacks conducted by Mustang Panda to drop the PlugX malware.
The post Chinese APT Exploits Unpatched Windows Flaw in Recent Attacks appeared first on SecurityWeek.
XWiki Vulnerability Exploited in Cryptocurrency Mining Operation
Exploits have been available publicly for over half a year, but the bug was previously targeted only for reconnaissance.
The post XWiki Vulnerability Exploited in Cryptocurrency Mining Operation appeared first on SecurityWeek.
CISA Warns of Exploited DELMIA Factory Software Vulnerabilities
Two DELMIA Apriso flaws can be chained together to gain privileged access to the application and execute arbitrary code remotely.
The post CISA Warns of Exploited DELMIA Factory Software Vulnerabilities appeared first on SecurityWeek.
Year-Old WordPress Plugin Flaws Exploited to Hack Websites
Roughly 9 million exploit attempts were observed this month as mass exploitation of the critical vulnerabilities recommenced.
The post Year-Old WordPress Plugin Flaws Exploited to Hack Websites appeared first on SecurityWeek.
Chrome Zero-Day Exploitation Linked to Hacking Team Spyware
The threat actor behind Operation ForumTroll used the same toolset typically employed in Dante spyware attacks.
The post Chrome Zero-Day Exploitation Linked to Hacking Team Spyware appeared first on SecurityWeek.
Critical Windows Server WSUS Vulnerability Exploited in the Wild
CVE-2025-59287 allows a remote, unauthenticated attacker to execute arbitrary code and a PoC exploit is available.
The post Critical Windows Server WSUS Vulnerability Exploited in the Wild appeared first on SecurityWeek.
Exploitation of Critical Adobe Commerce Flaw Puts Many eCommerce Sites at Risk
Patched in September, the SessionReaper bug could be exploited without authentication to bypass a security feature.
The post Exploitation of Critical Adobe Commerce Flaw Puts Many eCommerce Sites at Risk appeared first on SecurityWeek.
Lanscope Endpoint Manager Zero-Day Exploited in the Wild
The bug has been exploited in the wild as a zero-day and the US cybersecurity agency CISA has added it to its KEV catalog.
The post Lanscope Endpoint Manager Zero-Day Exploited in the Wild appeared first on SecurityWeek.
CISA Warns of Exploited Apple, Kentico, Microsoft Vulnerabilities
Leading to code execution, authentication bypass, and privilege escalation, the flaws were added to CISA’s KEV list.
The post CISA Warns of Exploited Apple, Kentico, Microsoft Vulnerabilities appeared first on SecurityWeek.
CISA Confirms Exploitation of Latest Oracle EBS Vulnerability
The cybersecurity agency has added CVE-2025-61884 to its Known Exploited Vulnerabilities (KEV) catalog.
The post CISA Confirms Exploitation of Latest Oracle EBS Vulnerability appeared first on SecurityWeek.