When Attacks Come Faster Than Patches: Why 2026 Will be the Year of Machine-Speed Security
The Race for Every New CVE. Based on multiple 2025 industry reports, roughly 50 to 61 percent of newly disclosed vulnerabilities saw exploit code weaponized within 48 hours. Using the CISA Known Exploited Vulnerabilities Catalog as a reference, hundreds of software flaws are now confirmed as...
CISA Adds Four Critical Vulnerabilities to KEV Catalog Due to Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of flaws is as follows - CVE-2014-3931 (CVSS score: 9.8) - A buffer overflow...
159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure
As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024. "We continue to see vulnerabilities being exploited at a fast pace with 28.3% of vulnerabilities being exploited within 1-day of their CVE disclosure," VulnCheck said in...
768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023
As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year. Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck...
CVE-2022-4447
creationtimestamp| type| source
---|---|---
2025-01-26 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2025-01-26
2025-01-26 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-26
2025-01-31 00:00:00+00:00| seen| The Shadowserver...
CVE-2019-14656
creationtimestamp| type| source
---|---|---
2025-01-24 10:04:21+00:00| exploited| https://www.exploit-db.com/exploits/23572
2025-01-24 10:09:15+00:00| confirmed| https://www.yealink.com/en/trust-center/security-advisories/cve-2019-14656-yealink-phone-privilege-escalation-vulnerabilities
2025-01-2...
CVE-2019-12986
creationtimestamp| type| source
---|---|---
2025-01-21 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-21
2025-01-26 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-26
2025-01-30 00:00:00+00:00| seen| The Shadowserver...
CVE-2023-5148
creationtimestamp| type| source
---|---|---
2024-12-22 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-12-22
2025-01-24 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-24
2025-02-04 00:00:00+00:00| seen| The Shadowserver...
CVE-2024-31750
creationtimestamp| type| source
---|---|---
2024-12-15 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-12-15
2025-02-06 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-02-06
2025-02-21 00:00:00+00:00| seen| The Shadowserver...
CVE-2016-5700
creationtimestamp| type| source
---|---|---
2024-11-09 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2024-11-09
2024-11-10 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2024-11-10
2024-11-14 00:00:00+00:00| seen| The Shadowserver...
CVE-2016-0457
creationtimestamp| type| source
---|---|---
2024-11-01 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2024-11-01
2024-11-03 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-11-03
2024-11-28 00:00:00+00:00| seen| The Shadowserver...
CVE-2019-18371
creationtimestamp| type| source
---|---|---
2024-01-27 09:11:40+00:00| seen| https://t.me/ctinow/174700
2024-03-10 00:23:58+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/10119
2025-02-20 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-02-2...
Over 1 Million WordPress Sites Infected by Balada Injector Malware Campaign
Over one million WordPress websites are estimated to have been infected by an ongoing campaign to deploy malware called Balada Injector since 2017. The massive campaign, per GoDaddy's Sucuri, "leverages all known and recently discovered theme and plugin vulnerabilities" to breach WordPress sites...
Mozilla: libusrsctp library out of date
The Mozilla Foundation Security Advisory describes this flaw as: An out of date library libusrsctp contained vulnerabilities that could potentially be exploited...
CVE-2022-31656
creationtimestamp| type| source
---|---|---
2022-08-03 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=846
2022-08-03 10:17:56+00:00| seen| https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus13/2022
2022-08-03 11:22:13+00:00| published-proof-of-concept|...
CVE-2022-25485
creationtimestamp| type| source
---|---|---
2022-03-15 21:19:38+00:00| seen| https://t.me/cibsecurity/38964
2025-01-26 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities - 2025-01-26
2025-01-26 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities -...
CVE-2020-17456
creationtimestamp| type| source
---|---|---
2022-03-12 17:21:36+00:00| published-proof-of-concept| https://t.me/intelexch/10571
2022-04-14 15:17:01+00:00| exploited| https://t.me/NeKaspersky/2117
2022-07-13 13:02:16+00:00| seen| MISP/8bf50bb8-94dd-4004-a646-5f78db6f0b6a
2024-12-29 00:00:00+00:00|...
CVE-2021-26855
creationtimestamp| type| source
---|---|---
2021-03-03 02:44:45+00:00| seen| https://t.me/cibsecurity/24377
2021-03-03 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=556
2021-03-03 06:30:17+00:00| seen| MISP/76591c3b-efb3-4084-a644-87a6cca8c784
2021-03-07 19:26:18+00:00|...
WordPress Plugin Flaws Exploited in Ongoing Malvertising Campaign
A widespread and ongoing malicious advertising campaign is exploiting several recently-disclosed WordPress plugin vulnerabilities to redirect website visitors to booby-trapped landing pages. Researchers at Wordfence said that they recently discovered bad actors injecting code into websites with t...
CVE-2015-1725
creationtimestamp| type| source
---|---|---
2015-09-22 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/38270
2015-09-22 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/38271...