Similar to recent FortiCloud single sign-on (SSO) login vulnerabilities, the attacks bypass authentication.
The post Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices appeared first on SecurityWeek.
CISA has added the Zimbra flaw to the KEV catalog along with three other bugs exploited in the wild.
The post Organizations Warned of Exploited Zimbra Collaboration Vulnerability appeared first on SecurityWeek.
The exploitation of the authentication bypass vulnerability started two days after patches were released.
The post Fresh SmarterMail Flaw Exploited for Admin Access appeared first on SecurityWeek.
Hackers bypass the FortiCloud SSO login authentication to create new accounts and change device configurations.
The post New Wave of Attacks Targeting FortiGate Firewalls appeared first on SecurityWeek.
UAT-9686 exploited the bug to deploy the AquaShell backdoor on Cisco appliances with certain ports open to the internet.
The post Cisco Patches Vulnerability Exploited by Chinese Hackers appeared first on SecurityWeek.
Two vulnerabilities patched this month by Microsoft were disclosed publicly before fixes were released.
The post Microsoft Patches Exploited Windows Zero-Day, 111 Other Vulnerabilities appeared first on SecurityWeek.
The maximum-severity code injection flaw can be exploited without authentication for remote code execution.
The post Critical HPE OneView Vulnerability Exploited in Attacks appeared first on SecurityWeek.
The critical-severity vulnerability allows unauthenticated, remote attackers to execute arbitrary shell commands.
The post Hackers Exploit Zero-Day in Discontinued D-Link Devices appeared first on SecurityWeek.
In December, the botnetβs operators focused on weaponizing the flaw to compromise vulnerable Next.js servers.
The post RondoDox Botnet Exploiting React2Shell Vulnerability appeared first on SecurityWeek.
GreyNoise has observed thousands of requests targeting a dozen vulnerabilities in Adobe ColdFusion during the Christmas 2025 holiday.
The post Adobe ColdFusion Servers Targeted in Coordinated Campaign appeared first on SecurityWeek.
Tracked as CVE-2020-12812, the exploited FortiOS flaw allows threat actors to bypass two-factor authentication.
The post Fortinet Warns of New Attacks Exploiting Old Vulnerability appeared first on SecurityWeek.
Dubbed MongoBleed, the high-severity flaw allows unauthenticated, remote attackers to leak sensitive information from MongoDB servers.
The post Fresh MongoDB Vulnerability Exploited in Attacks appeared first on SecurityWeek.
The critical-severity bug in the Fireware OSβs iked process leads to unauthenticated remote code execution.
The post WatchGuard Patches Firebox Zero-Day Exploited in the Wild appeared first on SecurityWeek.
Tracked as CVE-2025-59374, the issue is a software backdoor implanted in Asus Live Update in a supply chain attack.
The post CISA Warns of Exploited Flaw in Asus Update Tool appeared first on SecurityWeek.
The medium-severity flaw has been exploited in combination with a critical bug for remote code execution.
The post SonicWall Patches Exploited SMA 1000 Zero-Day appeared first on SecurityWeek.
The critical zero-day is tracked as CVE-2025-20393 and it impacts Secure Email Gateway and Secure Email and Web Manager appliances.
The post China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear appeared first on SecurityWeek.
Threat actors are exploiting the two critical authentication bypass vulnerabilities against FortiGate appliances.
The post In-the-Wild Exploitation of Fresh Fortinet Flaws Begins appeared first on SecurityWeek.
Google has also mentioned seeing React2Shell attacks conducted by Iranian threat actors.
The post Google Sees 5 Chinese Groups Exploiting React2Shell for Malware Delivery appeared first on SecurityWeek.
Apple has released macOS and iOS updates to patch two WebKit zero-days exploited in an βextremely sophisticatedβ attack.
The post Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw appeared first on SecurityWeek.
Threat actors have hacked at least nine organizations by exploiting the recently patched Gladinet CentreStack flaw.
The post Gladinet CentreStack Flaw Exploited to Hack Organizations appeared first on SecurityWeek.
Login