Hackers exploit Apache ActiveMQ flaw to install DripDropper on Linux, then patch it to block rivals and hide their tracks. Red Canary researchers observed attackers exploit a 2-year-old Apache ActiveMQ vulnerability, tracked as CVE-2023-46604 (CVSS score of 1…

A threat group linked to the Russian Federal Security Service’s (FSB) Center 16 unit has been compromising unpatched and end-of-life Cisco networking devices via an old vulnerability (CVE-2018-0171), the FBI and Cisco warned on Wednesday. “Primary targets inc…

Russian state-backed hackers are exploiting a seven-year-old Cisco Smart Install vulnerability (CVE-2018-0171) in end-of-life devices, prompting warnings from the FBI and Cisco Talos

Apple has released security updates to patch a zero-day vulnerability tracked as CVE-2025-43300 for all platforms

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-43300 Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability These types of vulnerab…

Apple has issued a security upgrade for iOS 18, iPadOS 18, and macOS. The update addresses a critical vulnerability, CVE-2025-43300. It impacts iPhone XS and later, several iPad Pro, iPad Air, and iPad mini models. The vulnerability involves an out-of-bounds …

Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild. The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300, resides in the ImageIO fram…

A vulnerability has been identified in Apple Products. A remote attacker could exploit this vulnerability to trigger remote code execution and denial of service condition on the targeted system. Note: CVE-2025-43300 may have been exploited in an extremel…

[jetty-dev] Announcing CVE-2025-5115 - HTTP/2 MadeYouReset vuln

[jetty-users] Announcing CVE-2025-5115 - HTTP/2 MadeYouReset vuln

Apple has fixed yet another vulnerability (CVE-2025-43300) that has apparently been exploited as a zero-day “in an extremely sophisticated attack against specific targeted individuals.” About CVE-2025-43300 CVE-2025-43300 is an out-of-bounds write issue that …

ImageIO 吾 0-day CVE-2025-43300 絲上с Apple security releases (Apple) iOS / iPadOS iOS 18.6.2 and iPadOS 18.6.2 (Apple, 2025.08.20) Apple is aware of a report that this issue may have been exploited in …

I wrote a short piece about how the the two recent Rails CVEs could be exploited: https://greg.molnar.io/blog/rails-cve-2025-55193-and-cve-2025-24293/

A working exploit concatenating two critical SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999) that have been previously exploited in the wild has been made public by VX Underground, Onapsis security researchers have warned. The exploit has alleg…

Google Chrome 139 addressed a high-severity V8 flaw, tracked as CVE-2025-9132, found by Big Sleep AI Google Chrome 139 addressed a high-severity vulnerability, tracked as CVE-2025-9132, in its open source high-performance JavaScript and WebAssembly engine V8.…

Exploit chaining CVE-2025-31324 & CVE-2025-42999 in SAP NetWeaver enables auth bypass and RCE, risking compromise and data theft. A new exploit chaining two vulnerabilities, tracked as CVE-2025-31324 and CVE-2025-42999, in SAP NetWeaver exposes organizations …

A new exploit combining two critical, now-patched security flaws in SAP NetWeaver has emerged in the wild, putting organizations at risk of system compromise and data theft. The exploit in question chains together CVE-2025-31324 and CVE-2025-42999 to bypass a…

After last week’s security patches in Rails, I tested the ANSI escape injection vulnerability. I was curious about the damage it can do.

Hackers exploited Windows flaw CVE-2025-29824 to deploy PipeMagic malware in RansomExx attacks, Kaspersky revealed. A joint report from Kaspersky and BI.ZONE analyzed the evolution of PipeMagic malware from its first detection in 2022 to new infections observ…

Cybersecurity researchers have lifted the lid on the threat actors' exploitation of a now-patched security flaw in Microsoft Windows to deploy the PipeMagic malware in RansomExx ransomware attacks. The attacks involve the exploitation of CVE-2025-29824, a pri…