Articles tagged "Exploit"

Found 573 articles

Researchers have identified a serious vulnerability in Gitea, an open-source platform used for version control, that allows unauthorized users to access private container images. This flaw, labeled CVE-2026-27771, impacts all versions of Gitea prior to 1.26.2. Attackers can exploit this weakness without needing any credentials, which could lead to unauthorized access to sensitive data stored in container images. Given the nature of Gitea as a self-hosted solution, organizations using outdated versions are particularly at risk. It’s crucial for users to update their installations to the latest version to safeguard their private resources.

Read Original

Hackers have taken advantage of a zero-day vulnerability in the KnowledgeDeliver learning management system (LMS) to install a malicious web shell known as Godzilla. This security flaw allows attackers to gain unauthorized access to systems running this LMS, potentially compromising sensitive data and disrupting services. Organizations using KnowledgeDeliver should be particularly vigilant, as the exploitation of this vulnerability could lead to significant operational and data security issues. The presence of a web shell means that attackers can execute commands remotely, making it crucial for affected users to take immediate action to secure their systems. Companies must prioritize patching and monitoring their environments to mitigate the risks associated with this exploit.

Read Original

A zero-day vulnerability identified as CVE-2026-5426 has been discovered in a Japanese Learning Management System (LMS). This security flaw arises from the use of hard-coded ASP.NET machine keys, which attackers can exploit to deploy Cobalt Strike, a popular penetration testing tool that can also be used for malicious purposes. The exploitation of this vulnerability poses significant risks to educational institutions and organizations using the LMS, potentially allowing unauthorized access to sensitive information and systems. Users of the affected LMS should take immediate steps to secure their systems to prevent potential intrusions.

Read Original

Trend Micro has reported a serious security vulnerability in its Apex One platform, identified as CVE-2026-34926. This flaw allows for a directory path traversal, which means attackers could potentially access files and directories outside the intended scope. The company has confirmed that this vulnerability is being actively exploited in the wild, with at least one confirmed incident. Organizations using the Apex One platform are at risk, which makes it crucial for them to act quickly. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding this vulnerability, urging affected users to take immediate action to protect their systems.

Read Original

Nimbus Manticore, an Iranian advanced persistent threat (APT) group, has been actively targeting aviation and software companies using updated tools. This activity has persisted during and after the recent US military actions against Iran, indicating a sustained effort by the group to exploit vulnerabilities within these sectors. The attacks raise concerns about the security of critical infrastructure and sensitive data in industries that are vital to national security and economic stability. Companies in the aviation and software fields should be on high alert and enhance their security measures to defend against these sophisticated threats. The ongoing nature of these operations suggests that the APT is evolving its tactics and tools, which could lead to more significant breaches if not addressed promptly.

Read Original

Iranian hackers, known as Nimbus Manticore, have launched a campaign targeting U.S. aviation through phishing attacks and SEO poisoning. They are distributing a malicious backdoor called MiniFast, which is designed to exploit vulnerabilities in systems related to aviation. This campaign poses a significant risk to the aviation sector, as it could potentially allow attackers to gain unauthorized access to sensitive information and disrupt operations. The use of AI to create the MiniFast backdoor indicates a sophisticated approach to cyberattacks, raising concerns about the evolving tactics of state-sponsored hacking groups. Companies in the aviation industry need to be vigilant and enhance their cybersecurity measures to protect against such threats.

Read Original

The Cybersecurity and Infrastructure Security Agency (CISA) has mandated that U.S. government agencies address a critical SQL injection vulnerability in the Drupal content management system by Wednesday evening. This vulnerability, which has been flagged as actively exploited, poses a significant risk to the security of servers running Drupal. Government organizations must act swiftly to protect their systems from potential attacks that could exploit this weakness. The urgency of this directive highlights the ongoing challenges faced by agencies in maintaining secure web platforms, especially as attackers increasingly target widely used software like Drupal. Ensuring that these systems are patched is essential to safeguard sensitive data and maintain operational integrity.

Read Original

A new vulnerability, dubbed 'Underminr', affects around 88 million domains, allowing attackers to hide malicious connections behind trusted domain names. This exploit can bypass DNS filtering mechanisms, making it easier for cybercriminals to manage command-and-control traffic without detection. As a result, organizations that rely on these domains for security may be at greater risk of compromise. The vulnerability raises concerns about the effectiveness of current DNS security measures, as attackers can leverage this flaw to blend in with legitimate traffic. Companies and system administrators are urged to review their DNS filtering strategies to mitigate potential risks associated with this vulnerability.

Read Original
LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

The Hacker News

Actively Exploited

A severe security vulnerability has been discovered in the LiteSpeed User-End cPanel Plugin, identified as CVE-2026-48172, which has a maximum CVSS score of 10.0. This flaw allows attackers to exploit incorrect privilege assignments, enabling them to execute arbitrary scripts with root privileges. As a result, any cPanel user, including potential attackers or compromised accounts, can take advantage of this vulnerability. The ongoing exploitation of this flaw poses significant risks to server security and data integrity, making it crucial for affected users to take immediate action. The situation emphasizes the need for vigilance among web hosts and cPanel users to prevent unauthorized access and maintain secure environments.

Read Original
Actively Exploited

Malwarebytes has uncovered a phishing scam on Facebook that specifically targets users aged 40 and older. This scheme lures victims with fake offers for Aldi meat boxes, enticing them to provide personal information or financial details. The attackers are exploiting the trust users may have in social media platforms, making it crucial for older adults to be vigilant about suspicious offers. This incident serves as a reminder that scammers often tailor their tactics to exploit specific demographics, highlighting the need for increased awareness among users. Protecting personal information online is essential, especially when faced with seemingly harmless promotions.

Read Original
Actively Exploited

Drupal has issued a warning about a significant SQL injection vulnerability that is currently being targeted by hackers. This flaw, which was announced earlier in the week, poses a serious risk to websites running on the Drupal content management system. Attackers can exploit this vulnerability to gain unauthorized access to databases, potentially leading to data breaches or site compromises. Users and administrators of Drupal sites are urged to take immediate action to secure their systems, as the risk of exploitation is high. It is crucial for affected parties to stay vigilant and apply any available patches to mitigate this threat.

Read Original

Keepnet, a platform focused on human risk management, has provided data on voice and SMS phishing simulations to the 2026 Verizon Data Breach Investigations Report (DBIR). This edition marks the first time such data has been included at this scale, revealing a notable 40% increase in the median click rate for phone-centric phishing attempts compared to traditional email-based simulations. This indicates a growing trend in phishing tactics that exploit voice and SMS channels, which could pose significant risks to users and organizations alike. As cybercriminals diversify their methods, understanding these new threats becomes essential for companies aiming to protect themselves and their employees. The inclusion of this data in a reputable report like the DBIR emphasizes the need for heightened awareness and training regarding these types of attacks.

Read Original

A recent report by Hunt.io has uncovered that a small number of telecom providers in the Middle East are hosting the majority of the region's command and control (C2) servers, with over 1,350 identified. This finding indicates that these providers are inadvertently supporting a significant amount of malware activity. Historically, cybersecurity efforts have concentrated on specific malware types and phishing attacks, but this research suggests that focusing on hosting services could be crucial for improving defenses. The implications are serious, as malware operators could exploit these telecom networks to launch attacks or control compromised systems. Companies and cybersecurity professionals in the region need to reassess their strategies to mitigate these risks effectively.

Read Original
Actively Exploited

A newly discovered vulnerability, identified as CVE-2024-12802, affects SonicWall Gen6 SSL-VPN appliances. This security flaw allows attackers to bypass multi-factor authentication (MFA) by using a specific user principal name (UPN) login format. Organizations using these appliances could be at risk, as this vulnerability may enable unauthorized access to sensitive systems. Companies that rely on SonicWall for secure remote access should take immediate action to assess their exposure to this threat. Given the critical role of MFA in securing remote connections, this issue underscores the need for vigilance and prompt remediation.

Read Original

Europol has successfully dismantled First VPN, a virtual private network service that was reportedly used by ransomware groups and online fraudsters. This operation aimed to disrupt the infrastructure that allowed cybercriminals to operate anonymously while committing various cybercrimes, including extortion and identity theft. By taking down this VPN, Europol has made it more challenging for these actors to hide their identities and conduct illicit activities. The operation is part of a broader effort to combat cybercrime across Europe, which has seen an increase in ransomware incidents and online fraud. This crackdown serves as a reminder of the ongoing battle against cybercriminals who exploit technology to evade law enforcement.

Read Original
PreviousPage 9 of 39Next