Articles tagged "Exploit"

Found 581 articles

Hackers are taking advantage of poorly configured web applications that are designed for security training and testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP. These applications are being used as gateways to access the cloud environments of various Fortune 500 companies and security vendors. The attackers exploit these misconfigurations to infiltrate systems that should ideally serve as safe environments for testing security measures. This situation raises serious concerns for companies that rely on these tools for internal security practices, as it exposes them to potential data breaches and unauthorized access. Organizations need to ensure that their security testing applications are correctly configured to prevent exploitation by malicious actors.

Read Original

North Korean hackers are targeting macOS developers by luring them to malicious projects on GitHub and GitLab that are opened with Visual Studio Code. The attackers use these repositories to trick users into executing harmful code, potentially compromising their systems. This tactic poses a significant risk to developers who may unknowingly download and run these malicious projects, which could lead to data breaches or further exploitation of their systems. As these attacks exploit popular development tools, developers need to be vigilant about the sources of the projects they access. This incident emphasizes the ongoing threat posed by state-sponsored hackers and the need for heightened awareness in the software development community.

Read Original

TP-Link has addressed a serious vulnerability in its VIGI C and VIGI InSight camera models that allowed remote access to surveillance systems. This flaw, identified as CVE-2026-0629, has a CVSS score of 8.7, indicating high severity. Over 32 models were affected, with more than 2,500 devices exposed to the internet and potentially at risk of being hacked. Attackers could exploit this vulnerability to bypass local network restrictions, putting users' security and privacy in jeopardy. The fix for this issue is crucial for ensuring the safety of surveillance operations for both businesses and individuals who rely on these cameras.

Read Original
Google Gemini AI Tricked Into Leaking Calendar Data via Meeting Invites

Hackread – Cybersecurity News, Data Breaches, AI, and More

Researchers at Miggo Security discovered a vulnerability in Google Gemini that allows attackers to exploit calendar invites to extract private user data. This flaw enables a silent attack method, where the malicious actor can trick the AI into leaking sensitive information without raising alarms. The implications of this vulnerability are significant, as it could compromise users' personal schedules and confidential details stored within their calendar apps. Google users relying on Gemini for scheduling and other functions may be particularly at risk. It's crucial for users and organizations to be aware of this issue and take necessary precautions to safeguard their data.

Read Original
Actively Exploited

A new information-stealing malware called 'SolyxImmortal' has emerged, which utilizes legitimate APIs and libraries to gather sensitive data. The malware sends this stolen information to Discord webhooks, making detection challenging. This type of attack can affect anyone who unwittingly downloads the malware, potentially compromising personal and financial information. As cybercriminals increasingly exploit trusted platforms and tools, users need to be vigilant about the software they install and the permissions they grant. This incident serves as a reminder of the evolving tactics used by attackers to bypass security measures.

Read Original

Ingram Micro, a major player in the information technology sector, experienced a ransomware attack in July 2025 that compromised the personal data of over 42,000 individuals. The breach raises serious concerns about data security and the potential misuse of sensitive information, as attackers often seek to exploit such data for financial gain or identity theft. The scale of the incident highlights the ongoing risks that companies face from cyber threats, particularly in the IT sector, which is often targeted due to its critical role in global infrastructure. Affected individuals should remain vigilant for signs of identity theft and consider monitoring their accounts for unusual activity. Organizations must strengthen their cybersecurity measures to prevent similar incidents in the future.

Read Original
Actively Exploited

CyberArk has reported that it successfully exploited a vulnerability in the StealC infostealer malware to gather intelligence. This malware is known for stealing sensitive information from infected systems, which can include login credentials, financial data, and personal information. By exploiting the flaw, researchers were able to collect evidence that can help understand how the malware operates and how it might be mitigated. This incident underscores the ongoing challenges posed by infostealers and the need for organizations to remain vigilant against such threats. Users and companies should ensure their systems are updated and monitor for signs of compromise, as infostealers like StealC can have serious implications for data security.

Read Original

A recent study by Palo Alto Networks warns that the upcoming Milan Cortina 2026 Winter Olympic Games could attract cyber attackers looking to exploit the event's extensive digital infrastructure. With the Olympics featuring increased network traffic, new systems, and temporary partnerships, the risk of cyber incidents rises significantly. Attackers are likely to target various components of the event's digital ecosystem, including ticketing platforms and telecommunications infrastructure. This situation poses a threat not only to the event organizers but also to attendees and stakeholders who rely on these digital services. As the event approaches, it’s crucial for companies involved in the Olympics to enhance their cybersecurity measures to mitigate potential attacks.

Read Original
Actively Exploited

A recent report from Infosecurity Magazine indicates that industrial technology environments are facing a significant surge in cyberattacks. The number of incidents has doubled, particularly targeting vulnerabilities in industrial control systems. This increase poses serious risks for industries reliant on these systems, as attackers may exploit weaknesses to disrupt operations or compromise sensitive data. Companies operating in sectors such as manufacturing, energy, and transportation should be particularly vigilant, as the implications of these attacks could lead to operational downtime and financial losses. The trend highlights the urgency for organizations to enhance their cybersecurity measures to protect against evolving threats.

Read Original

Researchers discovered a cross-site scripting (XSS) vulnerability in the web-based control panel of the StealC info-stealing malware. This flaw allowed them to monitor the malware operators' active sessions and collect data on their hardware setups. StealC is designed to steal sensitive information from users, which means this incident not only exposes the attackers but also raises concerns about the ongoing effectiveness of such malware. Understanding these vulnerabilities can help cybersecurity experts develop better defenses against similar threats. The incident serves as a reminder that even sophisticated malware can have weaknesses that researchers can exploit to gain insights into cybercriminal operations.

Read Original

Cisco has addressed a serious flaw in its Secure Email products, which was exploited by a China-linked hacking group known as UAT-9686. The vulnerability, tracked as CVE-2025-20393, has a maximum severity score of 10.0 and affects the Secure Email Gateway and Email and Web Manager. Attackers were able to exploit this flaw as a zero-day, meaning it was actively used in attacks before a patch was made available. It's crucial for users of these products to apply the latest updates to protect their systems from potential exploitation. This incident highlights the ongoing risks posed by advanced persistent threat groups targeting widely used software.

+1 more
Read Original
Actively Exploited

Cisco has addressed a serious vulnerability in its AsyncOS software that has been exploited since November 2025. This zero-day flaw specifically affects Secure Email Gateway (SEG) appliances, which are used by organizations to filter and protect email traffic. Attackers have been able to exploit this weakness, putting sensitive data at risk and potentially compromising email communications for users relying on these appliances. The timely patch is crucial for organizations to secure their email systems and prevent further exploitation. Companies using these SEG appliances should prioritize applying the update to safeguard against these attacks.

Read Original

Security researcher Eaton Zveare identified five serious vulnerabilities in Bluspark's Bluvoyix platform, which is used in shipping and supply chain management. Among these flaws were the use of plaintext passwords and an unauthenticated API, both of which could potentially allow unauthorized access to sensitive data. This incident raises concerns for companies relying on Bluvoyix, as attackers could exploit these weaknesses to gain access to critical operational information. Bluspark has since released patches to address these vulnerabilities, but the exposure of such significant flaws underscores the need for robust security practices in software development. Users of the platform should ensure they update to the latest version to mitigate these risks.

Read Original
Actively Exploited

A recent report from Cyble reveals that hacktivists and cybercriminals are increasingly targeting industrial systems, looking to exploit vulnerabilities within these environments. This uptick in attacks poses significant risks to companies operating in sectors such as manufacturing, energy, and utilities, potentially leading to disruptions in operations and financial losses. The report emphasizes the critical need for these organizations to enhance their cybersecurity measures and patch known vulnerabilities to safeguard their systems. As attackers become more sophisticated, the potential for severe consequences, including data breaches and operational downtime, grows. Companies must prioritize security protocols to protect their infrastructure from these escalating threats.

Read Original

A serious vulnerability, identified as CVE-2025-64155, has been discovered in Fortinet’s FortiSIEM security platform, allowing unauthenticated remote attackers to execute unauthorized code. This flaw specifically affects the phMonitor service, which is crucial for the operation of FortiSIEM. The release of proof-of-concept (PoC) exploit code has heightened concerns, urging organizations using this software to apply patches immediately. If not addressed, this vulnerability could lead to significant security risks, as attackers could manipulate the system remotely. Organizations should prioritize patching their FortiSIEM deployments to safeguard against potential exploitation.

Read Original
PreviousPage 32 of 39Next