The unauthenticated local file inclusion bug allows attackers to retrieve the machine key and execute code remotely via a ViewState deserialization issue.
The post Gladinet Patches Exploited CentreStack Vulnerability appeared first on SecurityWeek.
Organizations Warned of Exploited Adobe AEM Forms Vulnerability
A public PoC existed when Adobe patched the Experience Manager Forms (AEM Forms) bug in early August.
The post Organizations Warned of Exploited Adobe AEM Forms Vulnerability appeared first on SecurityWeek.
Cisco Routers Hacked for Rootkit Deployment
Threat actors are exploiting CVE-2025-20352, a recent Cisco zero-day, to deploy a rootkit on older networking devices.
The post Cisco Routers Hacked for Rootkit Deployment appeared first on SecurityWeek.
Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching
Hundreds of internet-exposed Oracle E-Business Suite instances may still be vulnerable to attacks.
The post Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching appeared first on SecurityWeek.
Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks
The Medusa ransomware operators exploited the GoAnywhere MFT vulnerability one week before patches were released.
The post Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks appeared first on SecurityWeek.
Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacks
Oracle has informed customers that it has patched a critical remote code execution vulnerability tracked as CVE-2025-61882.
The post Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacks appeared first on SecurityWeek.
Organizations Warned of Exploited Meteobridge Vulnerability
Patched in mid-May, the security defect allows remote unauthenticated attackers to execute arbitrary commands with root privileges.
The post Organizations Warned of Exploited Meteobridge Vulnerability appeared first on SecurityWeek.
Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability
Impacting VMware Aria Operations and VMware Tools, the flaw can be exploited to elevate privileges on the VM.
The post Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability appeared first on SecurityWeek.
Organizations Warned of Exploited Sudo Vulnerability
The vulnerability could allow local, low-privileged attackers to execute commands with root privileges, leading to full system compromise.
The post Organizations Warned of Exploited Sudo Vulnerability appeared first on SecurityWeek.
Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day
Eight days before patches, a threat actor exploited CVE-2025-10035 as a zero-day to create a backdoor admin account.
The post Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day appeared first on SecurityWeek.