The unpatched vulnerabilities allow attackers to execute arbitrary code remotely and escalate their privileges.
The post ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities appeared first on SecurityWeek.
From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability
Cybersecurity company Huntress said it has observed active in-the-wild exploitation of an unpatched security flaw impacting Gladinet CentreStack and TrioFox products.
The zero-day vulnerability, tracked as CVE-2025-11371 (CVSS score: 6.1), is an unauthenticated local file inclusion bug that allows unintended disclosure of system files. It impacts all versions of the software prior to and
The zero-day vulnerability, tracked as CVE-2025-11371 (CVSS score: 6.1), is an unauthenticated local file inclusion bug that allows unintended disclosure of system files. It impacts all versions of the software prior to and
Apple Bug Bounty Update: Top Payout $2 Million, $35 Million Paid to Date
Apple has announced significant updates to its bug bounty program, including new categories and target flags.
The post Apple Bug Bounty Update: Top Payout $2 Million, $35 Million Paid to Date appeared first on SecurityWeek.
FBI takes down BreachForums portal used for Salesforce extortion
The FBI has seized last night all domains for the BreachForums hacking forum operated by the ShinyHunters group mostly as a portal for leaking corporate data stolen in attacks from ransomware and extortion gangs. […]
Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks
Google researchers believe exploitation may have started as early as July 10 and the campaign hit dozens of organizations.
The post Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks appeared first on SecurityWeek.
CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw
Dozens of organizations may have been impacted following the zero-day exploitation of a security flaw in Oracle’s E-Business Suite (EBS) software since August 9, 2025, Google Threat Intelligence Group (GTIG) and Mandiant said in a new report released Thursday.
“We’re still assessing the scope of this incident, but we believe it affected dozens of organizations,” John Hultquist, chief analyst of
“We’re still assessing the scope of this incident, but we believe it affected dozens of organizations,” John Hultquist, chief analyst of
New Android spyware ClayRat imitates WhatsApp, TikTok, YouTube
A new Android spyware called ClayRat is luring potential victims by posing as popular apps and services like WhatsApp, Google Photos, TikTok, and YouTube. […]
Microsoft: Hackers target universities in “payroll pirate” attacks
A cybercrime gang tracked as Storm-2657 has been targeting university employees in the United States to hijack salary payments in “pirate payroll” attacks since March 2025. […]
Hackers now use Velociraptor DFIR tool in ransomware attacks
Threat actors have started to use the Velociraptor digital forensics and incident response (DFIR) tool in attacks that deploy LockBit and Babuk ransomware. […]
Microsoft Defender mistakenly flags SQL Server as end-of-life
Microsoft is working to resolve a known issue that causes its Defender for Endpoint enterprise endpoint security platform to incorrectly tag SQL Server software as end-of-life. […]