A newly disclosed authentication bypass vulnerability has exposed thousands of NETGEAR DGND3700v2 routers to remote attacks, allowing cybercriminals to gain complete administrative control without requiring valid credentials. The flaw, tracked as CVE-2025-4978 and assigned a critical CVSS score of 9.3,…
Companies Warned of Commvault Vulnerability Exploitation
CISA warns companies of a widespread campaign targeting a Commvault vulnerability to hack Azure environments. The post Companies Warned of Commvault Vulnerability Exploitation appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Companies Warned…
NETGEAR Router Flaw Allows Full Admin Access by Attackers
A severe authentication bypass vulnerability (CVE-2025-4978) has been uncovered in NETGEAR’s DGND3700v2 wireless routers, enabling unauthenticated attackers to gain full administrative control over affected devices. The flaw, rated with a critical CVSSv4 score of 9.3, stems from a hidden backdoor…
SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection
From zero-day exploits to large-scale bot attacks — the demand for a powerful, self-hosted, and user-friendly web application security solution has never been greater. SafeLine is currently the most starred open-source Web Application Firewall (WAF) on GitHub, with over 16.4K…
Law Enforcement Busts Initial Access Malware Used to Launch Ransomware
A new Europol-led operation has dismantled infrastructure for key initial access malware used to launch ransomware attacks This article has been indexed from www.infosecurity-magazine.com Read the original article: Law Enforcement Busts Initial Access Malware Used to Launch Ransomware
[UPDATE] [mittel] Cisco WebEx: Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Cisco WebEx ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen oder Daten zu manipulieren. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [UPDATE]…
[NEU] [mittel] Grafana: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Ein lokaler Angreifer kann eine Schwachstelle in Grafana ausnutzen, um Sicherheitsvorkehrungen zu umgehen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories) Lesen Sie den originalen Artikel: [NEU] [mittel] Grafana: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen
Scarcity signals: Are rare activities red flags?
Talos analyzed six months of PowerShell network telemetry and found that rare domains are over three times more likely to be malicious compared to frequently contacted ones. This article has been indexed from Cisco Talos Blog Read the original article:…
Threat Brief: CVE-2025-31324 (Updated May 23)
CVE-2025-31324 impacts SAP NetWeaver’s Visual Composer Framework. We share our observations on this vulnerability using incident response cases and telemetry. The post Threat Brief: CVE-2025-31324 (Updated May 23) appeared first on Unit 42. This article has been indexed from Unit…
Mysterious hacking group Careto was run by the Spanish government, sources say
The elusive hacking group Careto was never publicly linked to a specific government, but TechCrunch has learned researchers concluded privately that the Spanish government was behind the group. This article has been indexed from Security News | TechCrunch Read the…
Operation RapTor led to the arrest of 270 dark web vendors and buyers
Law enforcement operation codenamed ‘Operation RapTor’ led to the arrest of 270 dark web vendors and buyers across 10 countries. Police arrested 270 suspects following an international law enforcement action codenamed ‘Operation RapTor’ that targeted dark web vendors and customers…
ModSecurity Vulnerability Exposes Millions of Web Servers to Severe DoS Condition
A critical vulnerability in ModSecurity’s Apache module has been disclosed, potentially exposing millions of web servers worldwide to denial-of-service attacks. The flaw, tracked as CVE-2025-47947 and assigned a CVSS score of 7.5, affects the popular open-source web application firewall’s handling…
LockBit Data Leak Unveils Most Active Affiliates & Their Innerworkings
A significant data breach has exposed the inner workings of one of the world’s most prolific ransomware operations, providing unprecedented insight into LockBit’s affiliate structure and victim targeting strategies. The treasure trove of leaked information, published on LockBit’s hijacked leak…
Exploitable Vulnerabilities in Canon Printers Allow Attackers to Gain Admin Privileges
Canon Inc. has issued a critical security advisory warning customers about severe vulnerabilities affecting a wide range of their production printers, office multifunction printers, and laser printers. The vulnerabilities, identified as CVE-2025-3078 and CVE-2025-3079, enable malicious actors to extract sensitive…
Warten auf Sicherheitsupdate: Versa Concerto ist schwer verwundet
Mehrere Schwachstellen bedrohen die Orchestrierungsplattform Versa Concerto. Schadcode-Attacken sind möglich. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Warten auf Sicherheitsupdate: Versa Concerto ist schwer verwundet
Operation Endgame 2.0: 20 Haftbefehle, Hunderte Server außer Gefecht gesetzt
Das BKA, Europol und weitere internationale Ermittlungsbehörden gehen weiter gegen Malware vor. Gegen mehr als 20 Akteure ergingen Haftbefehle und Anklagen. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Operation Endgame 2.0: 20 Haftbefehle, Hunderte…
ViciousTrap Hackers Breaches 5,500+ Edge Devices from 50+ Brands, Turns Them into Honeypots
A sophisticated cyber threat actor, dubbed ViciousTrap by Sekoia.io’s Threat Detection & Research (TDR) team, has compromised over 5,500 edge devices across more than 50 brands, transforming them into a massive honeypot-like network. This alarming operation, detailed in Sekoia.io’s latest…
Inside LockBit: Data Leak Reveals Leading Affiliates and How They Operate
A massive data leak from the LockBit ransomware group, published on its hijacked leak site, has provided an unprecedented glimpse into the inner workings of one of the most notorious Ransomware-as-a-Service (RaaS) operations. The leaked data, spanning from December 19,…
Apple XNU Kernel Flaw Enables Attackers to Escalate Privileges
Apple has released urgent security patches addressing CVE-2025-31219, a high-severity vulnerability in its XNU kernel that underpins macOS, iOS, iPadOS, tvOS, watchOS, and visionOS. The flaw, which carries a CVSS score of 8.8 (vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H), enables local attackers to escalate…
Operation Endgame Crushes DanaBot Malware, Shuts Down 150 C2 Servers and Halts 1,000 Daily Attacks
Operation Endgame II has delivered a devastating strike against DanaBot, a notorious malware that has plagued systems since its emergence in 2018. Initially designed as a banking trojan targeting financial credentials, DanaBot evolved into a multi-purpose threat, facilitating information theft…
Grandpa-conning crook jailed over sugar-coated drug scam
Callous fraudster tricked elderly gents into smuggling meth hidden in chocolate truffles A ruthless cyber conman who duped elderly pensioners – including an 80-year-old man – into smuggling deadly class A drugs was this week locked up.… This article has…
Cityworks Zero-Day Exploited by Chinese Hackers in US Local Government Attacks
A Chinese threat actor exploited a zero-day vulnerability in Trimble Cityworks to hack local government entities in the US. The post Cityworks Zero-Day Exploited by Chinese Hackers in US Local Government Attacks appeared first on SecurityWeek. This article has been…
Detect Vulnerabilities Faster With Website Scanner
As digital transformation becomes a strategic imperative, development teams have emerged as a pillar of organizations. Agile and DevOps practices have revolutionized the pace of innovation, enabling businesses to respond rapidly to evolving market demands. However, this accelerated development comes…
Operation Endgame: Infrastruktur gefährlicher Malware-Stämme vom Netz genommen
Rund 300 Server, 650 Domains und 3,5 Millionen Euro in Kryptowährungen sind nun im Besitz der Polizei. Ein Großerteil der Server steht in Deutschland. (Malware, Virus) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Operation…