#active-exploitation

[ follow ]
#path-traversal #cisa #cloud-security #training-applications #privileged-access #google-chrome
fromSecuritymagazine
6 days ago

Security Vendors, Fortune 500 Companies Exposed and Exploited

Research from Pentera Labs reveals evidence of active exploitation in customer-managed business cloud environments, particularly within Fortune 500 companies and cybersecurity vendors. This exploitation is targeting training applications utilized by said organizations. These are applications typically deployed for security demos and training, including OWASP Juice Shop, DVWA and Hackazon. The research discovered thousands of systems exposed, with several hosted on enterprise infrastructure using Azure, AWS and GCP cloud platforms.
Information security
Information security
fromThe Hacker News
1 month ago

Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw

Update Chrome immediately to patch a high-severity, actively exploited vulnerability and multiple other zero-day and medium-severity flaws.
Information security
fromThe Hacker News
1 month ago

Warning: WinRAR Vulnerability CVE-2025-6218 Under Active Attack by Multiple Threat Groups

A WinRAR path traversal vulnerability (CVE-2025-6218) enabling code execution has been actively exploited and was patched in WinRAR 7.12 for Windows.
fromTheregister
2 months ago

CISA orders feds to patch Oracle Identity Manager zero-day

Searchlight Cyber researchers Adam Kues and Shubham Shah, who discovered the flaw, have published their own technical teardown of the vulnerability that doesn't mince words about the ease with which criminals can weaponize it. The researchers call exploitation "trivial," describing a single HTTP request that bypasses OIM's normal authentication flow and ultimately gives an attacker remote system-level control. Oracle disclosed the bug in October, but didn't indicate that it was under active exploitation.
Information security
Information security
fromTheregister
2 months ago

Fortinet finally cops to critical bug under active exploit

Critical FortiWeb path traversal (CVE-2025-64446) allows unauthenticated attackers full administrative takeover and was exploited in the wild before a public advisory and CVE assignment.
Information security
fromTheregister
3 months ago

Feds flag active exploitation of patched Windows SMB vuln

A high-severity Windows SMB client vulnerability (CVE-2025-33073) is being actively exploited despite patches, requiring immediate patching or removal.
Information security
fromThe Hacker News
4 months ago

Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure

An unsafe deserialization flaw (CVE-2025-10035) in Fortra GoAnywhere permits unauthenticated command injection and was actively exploited in the wild by at least September 10, 2025.
fromComputerWeekly.com
5 months ago

Three new Citrix NetScaler zero-days under active exploitation | Computer Weekly

Citrix has issued patches in order to fix three newly-designated common vulnerabilities and exposures (CVEs) in the widely used NetScaler Application Delivery Controller (ADC) and NetScaler Gateway lines. The trio of bugs, which are tracked as CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424 are, respectively, a memory overflow vulnerability that leads either to pre-authentication remote code execution (RCE) or denial of service (DoS), or both.
Information security
[ Load more ]