Lucene search
K

19 matches found

Wiz blog
Wiz blog
added 2025/12/08 5:18 p.m.10 views

React2Shell: Technical Deep-Dive & In-the-Wild Exploitation of CVE-2025-55182

We break down the exploit mechanics and detail active in-the-wild attacks observed by our team, from credential harvesting to sophisticated cloud backdoors...

10CVSS6.9AI score0.99562EPSS
Exploits374
The Hacker News
The Hacker News
added 2023/04/19 1:47 p.m.87 views

Google Chrome Hit by Second Zero-Day Attack - Urgent Patch Update Released

Google on Tuesday rolled out emergency fixes to address another actively exploited high-severity zero-day flaw in its Chrome web browser. The flaw, tracked as CVE-2023-2136, is described as a case of integer overflow in Skia, an open source 2D graphics library. Clément Lecigne of Google's Threat...

9.6CVSS8.3AI score0.40798EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2022/12/22 12:0 a.m.63 views

CVE-2022-26485

Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, Thunderbird 91.6.2, and Focus 97.3.0. Recent...

8.8CVSS8.1AI score0.14261EPSS
In wildExploits1References3
The Hacker News
The Hacker News
added 2022/09/23 10:21 a.m.53 views

CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday added a recently disclosed security flaw in Zoho ManageEngine to its Known Exploited Vulnerabilities KEV Catalog, citing evidence of active exploitation. "Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager...

9.8CVSS1.5AI score0.9994EPSS
Exploits5
The Hacker News
The Hacker News
added 2022/08/29 4:23 a.m.202 views

CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added 10 new actively exploited vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, including a high-severity security flaw affecting industrial automation software from Delta Electronics. The issue, tracked ...

10CVSS1.7AI score0.99939EPSS
Exploits72
The Hacker News
The Hacker News
added 2022/08/24 6:21 a.m.102 views

GitLab Issues Patch for Critical Flaw in its Community and Enterprise Software

DevOps platform GitLab this week issued patches to address a critical security flaw in its software that could lead to arbitrary code execution on affected systems. Tracked as CVE-2022-2884, the issue is rated 9.9 on the CVSS vulnerability scoring system and impacts all versions of GitLab Communi...

2.5AI score0.75718EPSS
Exploits4
The Hacker News
The Hacker News
added 2022/06/07 6:34 a.m.30 views

Apple's New Feature Will Install Security Updates Automatically Without Full OS Update

Apple has introduced a Rapid Security Response feature in iOS 16 and macOS Ventura that's designed to deploy security fixes without the need for a full operating system version update. "macOS security gets even stronger with new tools that make the Mac more resistant to attack, including Rapid...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2022/02/11 3:30 a.m.87 views

Apple Releases iOS, iPadOS, macOS Updates to Patch Actively Exploited Zero-Day Flaw

Apple on Thursday released security updates for iOS, iPadOS, macOS, and Safari to address a new WebKit flaw that it said may have been actively exploited in the wild, making it the company's third zero-day patch since the start of the year. Tracked as CVE-2022-22620, the issue concerns a...

10CVSS2.9AI score0.16342EPSS
Exploits0
ThreatPost
ThreatPost
added 2020/07/16 4:14 p.m.374 views

Zoom Addresses Vanity URL Zero-Day

A previously undisclosed bug in Zoom’s customizable URL feature has been addressed that could have offered a hacker a perfect social-engineering avenue for stealing credentials or sensitive information. Disclosed by Zoom and Check Point on Thursday, the security flaw existed in the “Vanity URL”...

8.1AI score0.0552EPSS
Exploits1References8
ThreatPost
ThreatPost
added 2020/05/04 7:23 p.m.221 views

Hackers Exploit Critical Flaw in Ghost Platform with Cryptojacking Attack

Hackers targeted the publishing platform Ghost over the weekend, launching a cryptojacking attack against its servers that led to widespread outages. The attack stemmed from the exploit of critical vulnerabilities in SaltStack, used in Ghost’s server management infrastructure. Ghost is a free,...

7.5CVSS9.3AI score0.96405EPSS
Exploits25References12
ThreatPost
ThreatPost
added 2020/01/21 2:58 p.m.367 views

Microsoft Zero-Day Actively Exploited, Patch Forthcoming

An unpatched remote code-execution vulnerability in Internet Explorer is being actively exploited in the wild, Microsoft has announced. It’s working on a patch. In the meantime, workarounds are available. The bug CVE-2020-0674 which is listed as critical in severity for IE 11, and moderate for IE...

7.6CVSS8.1AI score0.86863EPSS
Exploits18References13
RedHat Linux
RedHat Linux
added 2019/06/27 10:16 a.m.6 views

Mozilla: Type confusion in Array.pop

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...

8.8CVSS7.3AI score0.37951EPSS
Exploits7References6
rapid7community
rapid7community
added 2017/03/15 2:29 p.m.1426 views

Apache Struts Vulnerability (CVE-2017-5638) Exploit Traffic

UPDATE - March 10th, 2017: Rapid7 added a check that works in conjunction with Nexposes web spider functionality. This check will be performed against any URIs discovered with the suffix ".action" the default configuration for Apache Struts apps. To learn more about using this check, read this...

10CVSS10.5AI score0.99999EPSS
Exploits44
ThreatPost
ThreatPost
added 2017/03/14 3:26 p.m.100 views

Patch Tuesday Returns; Microsoft Quiet on Postponement

Patch Tuesday returned today as expected after last month’s postponement with a giant release of fixes that includes patches for vulnerabilities disclosed and exploited since the last set of updates in January. Microsoft, however, was relatively silent on the reasons why the February updates were...

9.3CVSS9.1AI score0.99945EPSS
Exploits45References12
The Hacker News
The Hacker News
added 2013/03/02 6:26 a.m.13 views

Another Java zero-day vulnerability being exploited in the wild

Do you still have Java installed? There is a bad news for you ! FireEye has detected yet another Java zero-day vulnerability being exploited in attacks in the wild. The vulnerability targets browsers that have the latest version of the Java plugin installed Java v1.6 Update 41 and Java v1.7 Updat...

6.9AI score
Exploits0
ThreatPost
ThreatPost
added 2010/09/13 10:20 p.m.29 views

Adobe Warns of Flash Player Zero-Day Attack

The zero-day hacker attacks against Adobe’s software products are coming fast and furious. Less than a week after the discovery of a sophisticated malware attack against an unpatched security hole in Adobe Reader/Acrobat, the company has issued a new warning for in-the-wild attacks against a...

9.3CVSS3.5AI score0.15621EPSS
Exploits1References1
ThreatPost
ThreatPost
added 2010/07/13 5:8 p.m.28 views

MS Patch Tuesday: Googler Zero-Day Fixed in 33 Days

Last month, when Google researcher Tavis Ormandy released details on a critical Help and Support Center vulnerability that exposed Windows XP and Windows Server 2003 users to malicious hacker attacks, Microsoft was publicly unhappy with the decision. Ormandy claims he spent five days negotiating...

7.9AI score
Exploits0References3
ThreatPost
ThreatPost
added 2009/09/08 11:58 a.m.121 views

Attackers Pounce on Microsoft FTP in IIS Vulnerability

Less than a week after the publication of exploit code for a gaping hole in the FTP Service in Microsoft Internet Information Services IIS, attackers are launching what is described as “limited attacks” against Windows users. Microsoft has updated its security advisory to warn of the new attacks...

9.3CVSS1.8AI score0.99945EPSS
Exploits33References3
ThreatPost
ThreatPost
added 2009/03/18 4:20 p.m.10 views

The Ryan & Roel Show Episode 4

In-the-wild worm attacks exploitation – Fri, November 7 2008 In this special episode, Ryan and Roel get to the bottom of the new in-the-wild worm attacks exploiting the Microsoft MS08-067 vulnerability. Listen as Roel provides a blow-by-blow of the two different Trojans now targeting...

4.5AI score
Exploits0References1
Rows per page
Query Builder