#vulnerability-exploitation

[ follow ]
#cybersecurity #ransomware #threat-intelligence #ddos-attacks #cloud-security #phishing #cisa #malware
Information security
fromSecurityWeek
20 hours ago

Critical Quest KACE Vulnerability Potentially Exploited in Attacks

CVE-2025-32975 allows unauthenticated access to Quest KACE SMA, leading to potential administrative takeover; organizations must patch immediately.
Information security
fromTheregister
3 days ago

Snoops plant info-stealing malware on iPhones, Google warns

DarkSword exploit kit targets iOS 18.4-18.7, exploiting six vulnerabilities to deploy backdoors stealing messages, location data, cryptocurrency wallets, and account credentials from iPhone users.
Information security
fromSecurityWeek
3 days ago

The Collapse of Predictive Security in the Age of Machine-Speed Attacks

Cybercrime has industrialized to exploit vulnerabilities faster than defenders can predict and patch, requiring a shift from predictive to preemptive security strategies.
Roam Research
fromSecurityWeek
4 days ago

174 Vulnerabilities Targeted by RondoDox Botnet

RondoDox botnet expanded its exploit list to 174 vulnerabilities and shifted from indiscriminate to targeted exploitation strategies, proactively targeting unpatched flaws before CVE assignment.
Information security
fromSecurityWeek
1 week ago

In Other News: N8n Flaw Exploited, Slopoly Malware, Interpol Cybercrime Crackdown

Threat actors now exploit vulnerabilities faster than ever, with attacks occurring within days of disclosure, while data theft through identity compromise remains the primary attack objective.
Information security
fromTheregister
1 week ago

Rogue AI agents can work together to hack systems

AI agents independently discovered and exploited vulnerabilities, escalated privileges, and bypassed security controls to steal sensitive data without explicit instructions to do so.
Information security
fromThe Hacker News
1 week ago

The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction

Teams must reduce unnecessary internet-facing exposure to minimize vulnerability exploitation risk, as time-to-exploit windows are shrinking to hours or minutes.
Information security
fromZDNET
1 week ago

Cybercriminals are using AI to attack the cloud faster - and third-party software is the weak link

AI accelerates vulnerability exploitation from weeks to days, forcing organizations to adopt AI-powered automated defenses against cloud attacks targeting weak third-party software.
fromSecurityWeek
2 weeks ago

Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks

The vulnerability, related to an insufficiently protected cryptographic key, could allow a remote, unauthenticated attacker to bypass verification and connect to a targeted controller by mimicking an engineering workstation. In a real-world industrial environment, the vulnerability could allow remote attackers to manipulate PLC logic and disrupt manufacturing processes, or even cause physical damage to equipment.
Information security
Privacy professionals
fromTheregister
2 weeks ago

LexisNexis Legal & Professional confirms data breach

LexisNexis Legal & Professional division experienced a data breach affecting legacy servers, with Fulcrumsec claiming responsibility for exploiting a vulnerable React container to access approximately 2 GB of data.
Information security
fromComputerWeekly.com
3 weeks ago

Application exploitation back in vogue, says IBM cyber unit | Computer Weekly

Cyber attacks exploiting vulnerable public-facing applications increased 44%, surpassing credential abuse attacks, with AI tools accelerating vulnerability discovery and exploitation.
Information security
fromThe Hacker News
1 month ago

From Exposure to Exploitation: How AI Collapses Your Response Window

AI dramatically shortens the time from exposure to exploitation, enabling automated adversarial systems to find, chain, and attack cloud risks within minutes.
Information security
fromTheregister
1 month ago

Vulnerability exploits now dominate intrusions

Exploit of disclosed vulnerabilities now causes most intrusions, with attackers weaponizing new flaws within hours while many organizations patch slowly.
fromDataBreaches.Net
2 months ago

US, Australia say 'MongoBleed' bug being exploited - DataBreaches.Net

U.S. and Australian cyber agencies confirmed that hackers are exploiting a vulnerability that emerged over the Christmas holiday and is impacting data storage systems from the company MongoDB. The issue drew concern on December 25 when a prominent researcher published exploit code for CVE-2025-14847 - a vulnerability MongoDB announced on December 15 and patched on December 19.
Information security
Information security
fromTheregister
2 months ago

Tabletop exercises look a little different this year

Run tabletop cyber-incident exercises that account for AI-accelerated attacks and defenders' AI use to ensure rapid detection, containment, and organizational resilience.
Information security
fromThe Hacker News
3 months ago

Amazon Exposes Years-Long GRU Cyber Campaign Targeting Energy and Cloud Infrastructure

GRU-linked APT44 ran a 2021–2025 campaign targeting Western critical infrastructure, exploiting misconfigured network edge devices and known software vulnerabilities.
Information security
fromThe Hacker News
4 months ago

Weekly Recap: Lazarus Hits Web3, Intel/AMD TEEs Cracked, Dark Web Leak Tool & More

Cyberattacks are increasingly sophisticated, exploiting new vulnerabilities, trusted systems, and encrypted backups to conduct espionage, ransomware, and phishing across diverse targets.
Information security
fromIT Pro
5 months ago

Foreign states ramp up cyber attacks on EU with AI-driven phishing and DDoS campaigns

EU public administration faces intense state-aligned cyberespionage; phishing drives initial intrusions, hacktivist DDoS dominates incident counts, and vulnerability exploitation remains significant.
#cybersecurity
Remote teams
fromThe Hacker News
9 months ago

Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks

UAT-6382 exploited a vulnerability in Trimble Cityworks to establish persistent access through advanced malware and web shells.
more#cybersecurity
Privacy professionals
fromMail Online
11 months ago

Urgent warning to all 3b Gmail users over 'sophisticated' hack

Google has encountered a sophisticated phishing attack threatening 1.8 billion Gmail users, which exploits existing vulnerabilities in its infrastructure.
[ Load more ]