🏅 Most Exploited Vulnerabilities 2023

Database CVE, CWE, CISA KEV & Vulnerability Intelligence | CVE Find
 · CISA Known Exploited Vulnerabilities (KEV) is an initiative that identifies and publishes a list of known exploited vulnerabilities. Manufacturers & products (CPE) Vendors and Products; Vendors List. All Vendor ... (2023-01-24 00:00 +00:00) CAPEC-700
3 days ago
2025 IBM X-Force Threat Index: UK Remains Most-Attacked Country in ...
 · Asia and North America most attacked regions. Collectively accounting for nearly 60% of all attacks that IBM X-Force responded to globally, Asia (34%) and North America (24%) experienced more cyberattacks than any other region in 2024. While Europe was the most targeted in 2023, it is now in third place, accounting for 23% of all attacks.
18 hours ago
Ransomware in focus: Meet Cl0p - s-rminform.com
 · Initial access. Cl0p has recently gained access to sensitive data on corporate networks by exploiting SQL injection or authentication bypass vulnerabilities in various file transfer software applications (Cleo: CVE-2024-50623, CVE-2024-50623; MoveIT: CVE-2023-34362; GoAnywhere: CVE-2024-0204; SysAid: CVE-2023-47246). These vulnerabilities were exploited en-masse as zero days.
18 hours ago
Common VPN Vulnerabilities That Open The Door To Attackers
 · VPN Vulnerabilities List: Real Threats from 2022–2025. Attackers aren’t working with hypotheticals. These are verified, documented vulnerabilities that have been actively exploited in real-world attacks between 2022 and 2025. If your VPN infrastructure isn’t regularly audited and patched, you’re likely exposed to one or more of them.
1 day ago
Hackers Exploit Critical Windows NTLM Spoofing Vulnerability
 · This security vulnerability (tracked as CVE-2025-24054) allows hackers to disclose NTLM hashes through spoofing. It could enable attackers to leak NTLMv2-SSP hashes or user passwords to ...
18 hours ago
Weekly Security News - 14th April 2025 - D2NA
 · Microsoft Patches 125 Windows Vulnerabilities, including Exploited CLFS Zero-Day. The CLFS zero-day, tagged as CVE-2025-29824, allows a local attacker to gain SYSTEM privileges by exploiting a use-after-free bug, Redmond’s security response team warned. ... The 2023 results were similar to those returned by a separate study conducted by IBM ...
3 days ago
Monitoring · Exploited vulnerabilities · The Shadowserver Foundation
 · Development of the Shadowserver Dashboard was funded by the UK FCDO. IoT device fingerprinting statistics and honeypot attack statistics co-financed by the Connecting Europe Facility of the European Union (EU CEF VARIoT project). We would like to thank all our partners that kindly contribute towards data used in the Shadowserver Dashboard, including (alphabetically) APNIC Community Feeds ...
4 days ago
Vulnerability Trends - Vulmon
 · CVE-2023-43622: An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP S... CVE-2023-31122: Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. CVE-2022-42475
2 days ago

Top Vulnerabilities Of 2022

Understanding the OWASP Top 10 Vulnerabilities in 2022
 · The 2022 edition is the most recent, and it's got some interesting changes compared to previous versions. We're gonna break down each of the vulnerabilities, explain what they are, and give you some ideas on how to protect your apps.
5 days ago
2022 State of Cybersecurity Effectiveness Report Highlights
 · The average data exfiltration risk score has worsened considerably in 2022, with cloud service-related assessments scoring a dangerous 70 on average, followed by network protocols with a medium-risk score of 43. ... Read the full report to learn about top vulnerabilities, MITRE attack framework, and the business implications of the various ...
Apr 10, 2025
12th Annual Edition of the BeyondTrust Microsoft Vulnerabilities Report ...
 · Total vulnerabilities reached an all-time high of 1,360 in 2024, an 11% increase from the previous record of 1,292 in 2022 Elevation of Privilege (EoP) and Remote Code Execution (RCE)—primary ...
1 day ago
Official CVE Feed - Kubernetes
 · FEATURE STATE: Kubernetes v1.27 [beta] This is a community maintained list of official CVEs announced by the Kubernetes Security Response Committee. See Kubernetes Security and Disclosure Information for more details. The Kubernetes project publishes a programmatically accessible feed of published security issues in JSON feed and RSS feed formats. You can access it by executing the following ...
3 days ago
Cyber Security Statistics: Important Data to Know in 2025 - Cloudwards
 · 67 Cyber Security Statistics, Facts & Trends: Data on Attacks, Breaches & Threats for 2025. Globally, over 5.5 million cyber security professionals were working in the field by the end of 2022.
6 days ago
Threat Intelligence News and Articles - Infosecurity Magazine
 · Unpacking the Top Vulnerabilities Exploited by Sophisticated Attackers. 26 Jun 2024 Webinar. Understand and Combat the Top Healthcare Cloud Threats Today. 21 Mar 2024 Webinar. ... 28 Mar 2022 Podcast. Into Security Podcast - Episode 5. 29 Jul 2019 Podcast. Into Security Podcast - Episode 4 5 Jul 2019 Podcast. More news and features.
Apr 10, 2025
Vulnerability Trends - Vulmon
 · In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices ... CVE-2023-27997: A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6... CVE-2022-42475
4 days ago
CVE-2022-49105 Common Vulnerabilities and Exposures - SUSE
 · Secure your Linux systems from CVE-2022-49105. Stay ahead of potential threats with the latest security updates from SUSE. Exit SUSE Federal > Customer Center. Account ... CVE-2022-49105 Common Vulnerabilities and Exposures. Upstream information. CVE-2022-49105 at MITRE ...
3 days ago

Top Cve Vulnerabilities 2023

April 2023 Microsoft Security Update: 126 Vulnerabilities Addressed
 · One notable vulnerability—the Windows Common Log File System Driver Privilege Escalation (CVE-2025-29824) with a CVSS score of 7.8—is actively exploited, making it a top priority for immediate patching. Key vulnerabilities detailed include: Windows Common Log File System Driver Privilege Escalation (CVE-2025-29824):
6 days ago
CVE Threat Database | Real-Time Security Insights
 · CVE-2025-32642 Critical Vulnerability Alert Cross-Site Request Forgery (CSRF) vulnerability in appsbd Vite Coupon allows Remote Code Inclusion. This issue affects Vite Coupon: from n/a through 1.0.7. CVE-2024-41794 Critical Vulnerability Alert A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected ...
3 days ago
Vulnerability support in Microsoft Defender Vulnerability Management
 · Fixed inaccuracy in Dell SupportAssist vulnerabilities- CVE-2023-44283 and CVE-2023-25535: 06-Aug-24: 60800: Fixed inaccuracy in Git SCM: 06-Aug-24: 61540: Fixed inaccurate detections in FileZilla by excluding fzputtygen.exe path: 07-Aug-24: 67107:
Apr 10, 2025
Latest Published Vulnerabilities CVE - CVEFeed.io
 · ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Authentication vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to bypass aut...
Apr 10, 2025
US cuts: CVE list could stop immediately | heise online
 · Thanks to CVE, reported security vulnerabilities are given a unique number so that all parties involved can ensure that they are talking about the same problem. ...
1 day ago
Official CVE Feed - Kubernetes
 · FEATURE STATE: Kubernetes v1.27 [beta] This is a community maintained list of official CVEs announced by the Kubernetes Security Response Committee. See Kubernetes Security and Disclosure Information for more details. The Kubernetes project publishes a programmatically accessible feed of published security issues in JSON feed and RSS feed formats. You can access it by executing the following ...
3 days ago
Vulnerability Trends - Vulmon
 · In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices ... CVE-2023-27997: A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6... CVE-2022-42475
4 days ago
Latest Published Vulnerabilities CVE
 · Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. ... CVE-2023-42970. A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS ...
6 days ago

Best Vulnerability Scanner 2023

25 Best Vulnerability Scanning Software Reviewed in 2025
 · Vulnerability Scanning Software Selection Criteria. When selecting the best vulnerability scanning software to include in this list, I considered common buyer needs and pain points like ease of integration and real-time threat detection. I also used the following framework to keep my evaluation structured and fair:
5 days ago
Top 5 Vulnerability Scanning Tools in 2025 - AIMultiple
 · Invicti leverages a web vulnerability scanner, which utilizes proprietary Proof-Based Scanning technology to identify and confirm vulnerabilities accurately, ensuring the results are not false positives. The tool is designed to assess application security by using both dynamic application security testing and interactive application security testing (DAST + IAST).
6 days ago
25 Best Penetration Testing Tools Reviewed in 2025
 · The platform offers automated vulnerability scanning and manual penetration testing, covering over 8,000 security tests. The centralized dashboard simplifies the process of tracking and remediating vulnerabilities. This makes it particularly suitable for teams needing constant security evaluation. Standout features & integrations:
5 days ago
10 BEST Vulnerability Scanning Tools (2025) - Guru99
 · Vulnerability scanners are automated tools that constantly evaluate the software system’s security risks to identify security vulnerabilities. After investing over 80 hours into research, I have evaluated 40+ tools and compiled a list of the Best Vulnerability Scanning Tools, featuring both free and paid options.
3 days ago
Open-source Vulnerability Scanners Tools | Restackio
 · Best Open Source Vulnerability Scanner 2023. Explore the top open-source vulnerability scanners of 2023, their features, and how they enhance security assessments. Open-Source Vulnerability Scanners List. Explore various open-source vulnerability scanning tools to enhance your security posture and identify potential threats.
Apr 10, 2025
Best Network Scanning Tool Comparison | Nmap vs Zenmap vs Angry IP ...
 · Choosing the best network scanning tool is crucial for cybersecurity professionals, ethical hackers, and system administrators. This blog compares widely used tools like Nmap, Zenmap, Angry IP Scanner, and Hping3, covering their use cases, command-line examples, outputs, strengths, and weaknesses. With the rise in ethical hacking and vulnerability assessments, knowing which scanner to use ...
Apr 10, 2025
Vulnerability Scanner Software List (April 2025) - SaaSworthy
 · List of best Vulnerability Scanner Software along with reviews, pricing and features. Compare top Vulnerability Scanner Software on SaaSworthy.com. ... Intruder is an online vulnerability scanner that finds cyber security weaknesses in most exposed systems, to avoid costly data breaches. ...
2 days ago
20 Best Web Application Penetration Testing Tools in 2025
 · Astra Pentest is a developer-friendly pentest platform featuring an automated vulnerability scanner and manual pentesting by security experts to ensure zero false positives. The platform's vulnerability scanner runs 9300+ test cases covering OWASP, SANS, ISO, SOC, and other standards.
6 days ago

Top 10 Cve Vulnerabilities 2023

CVE Threat Database | Real-Time Security Insights
 · Top 10 CVE Newest Entries - Real-Time Updates. Stay ahead of cybersecurity threats with real-time updates on the latest vulnerabilities. This section highlights the top 10 most recently disclosed Common Vulnerabilities and Exposures (CVEs). Explore details, impact assessments, and mitigation strategies to safeguard your systems.
3 days ago
Database CVE, CWE, CISA KEV & Vulnerability Intelligence | CVE Find
 · OWASP Top 10 is an initiative that identifies and documents the top 10 security vulnerabilities in web applications. ... (2023-01-24 00:00 +00:00) ... Get free real-time alerts on new vulnerabilities with CVE Find. Stay protected and informed instantly ! Free: Create an account.
3 days ago
Official CVE Feed - Kubernetes
 · FEATURE STATE: Kubernetes v1.27 [beta] This is a community maintained list of official CVEs announced by the Kubernetes Security Response Committee. See Kubernetes Security and Disclosure Information for more details. The Kubernetes project publishes a programmatically accessible feed of published security issues in JSON feed and RSS feed formats. You can access it by executing the following ...
3 days ago
April 2023 Microsoft Security Update: 126 Vulnerabilities Addressed
 · One notable vulnerability—the Windows Common Log File System Driver Privilege Escalation (CVE-2025-29824) with a CVSS score of 7.8—is actively exploited, making it a top priority for immediate patching. Key vulnerabilities detailed include: Windows Common Log File System Driver Privilege Escalation (CVE-2025-29824):
6 days ago
CVEDB API - Fast Vulnerability Dashboard - Shodan
 · CVEDB API - Fast Vulnerability Dashboard. The CVEDB API offers a quick way to check information about vulnerabilities in a service. You can search using either the CVE-ID or CPE23.
3 days ago
Weekly Top 10: 04.14.2025: Exploitation of CLFS Zero-Day Leads to ...
 · Microsoft discovered exploitation of a Windows CLFS zero-day vulnerability (CVE-2025-29824) leading to ransomware attacks against organizations in IT, real estate, financial, and retail sectors. ... (including CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762) are patched. ... The following top 10 stories were selected from the 40+ original ...
3 days ago
Latest Published Vulnerabilities CVE
 · Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. ... CVE-2025-3531. A vulnerability classified as problematic has been found in YouDianCMS 9.5.21. This affects an unknown part of ...
4 days ago
The SOS Intelligence CVE Chatter Weekly Top Ten - 14 April 2025 - SOS ...
 · 10. CVE-2024-53150. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources. The current USB-audio driver code doesn’t check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength ...
3 days ago

Most Exploited Vulnerabilities 2022

Understanding the OWASP Top 10 Vulnerabilities in 2022
 · It's based on real-world data and expert opinions, so it reflects what's actually happening out there. The 2022 edition is the most recent, and it's got some interesting changes compared to previous versions. We're gonna break down each of the vulnerabilities, explain what they are, and give you some ideas on how to protect your apps.
5 days ago
14,000 Fortinet firewalls compromised: Attackers nestle in
 · The specific cases investigated involved vulnerabilities in FortiOS SSL VPN (CVE-2022-42475, CVSS 9.3, risk “critical”), FortiOS and FortiProxy SSL VPN (CVE-2023-27997, CVSS 9.2, risk ...
2 days ago
Common VPN Vulnerabilities That Open The Door To Attackers
 · VPN Vulnerabilities List: Real Threats from 2022–2025. Attackers aren’t working with hypotheticals. These are verified, documented vulnerabilities that have been actively exploited in real-world attacks between 2022 and 2025. If your VPN infrastructure isn’t regularly audited and patched, you’re likely exposed to one or more of them.
1 day ago
Over 14K Fortinet devices compromised via new attack method
 · Dive Brief: The Shadowserver Foundation reported Saturday that more than 14,000 Fortinet devices across the globe have been compromised by a threat actor that exploited known vulnerabilities and deployed a symlink-based persistence mechanism. In a blog post last week, Fortinet warned that a threat actor had used older critical vulnerabilities, including CVE-2022-42475, CVE-2023-27997 and CVE ...
3 days ago
World map · Exploited vulnerabilities · The Shadowserver Foundation
 · Exploited vulnerabilities World map. Filters. Day
3 days ago
Fortinet warns of threat activity against older vulnerabilities
 · Fortinet detailed new exploitation activity against known critical vulnerabilities in FortiGate devices, including CVE-2022-42475, CVE-2023-27997 and CVE-2024-21762, in a Thursday blog post. Fortinet said that although these vulnerabilities have been patched, a threat actor was observed using a new technique to maintain read-only access to vulnerable FortiGate devices after they were updated.
6 days ago
Fortinet Releases Security Updates for FortiOS and FortiGate
 · Fortinet has patched a persistence mechanism used by an adversary that previously exploited CVE-2022-42475, CVE-2023-27997 and CVE-2024-21762. ... Fortinet has stated that an attacker used a known vulnerability to compromise a FortiGate device and implement read-only access to the file system using a symbolic link between the user and root ...
6 days ago
Latest Published Vulnerabilities CVE - CVEFeed.io
 · Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
3 days ago

Most Exploited Vulnerabilities 2024

CISA Warns of Actively Exploited Linux Kernel Vulnerabilities (CVE-2024 ...
 · CISA has added Linux kernel vulnerabilities CVE-2024-53197 and CVE-2024-53150 to its KEV catalog, warning of active exploitation. Learn how these flaws are used in Android device exploits and what steps to take. ... (CISA) has issued a warning after adding two newly discovered Linux kernel vulnerabilities to its Known Exploited Vulnerabilities ...
Apr 10, 2025
CISA Urges Immediate Action on Critical Linux Kernel Vulnerabilities
 · CVE-2024-53197 and CVE-2024-53150, recently added to CISA's Known Exploited Vulnerabilities Catalog, are important wake-up calls for Linux administrators. By understanding their nature and the active threats they pose, we can take vital steps towards safeguarding our systems against current exploits and potential future ones.
Apr 10, 2025
CVEDB API - Fast Vulnerability Dashboard - Shodan
 · Here is a compilation of the most recent vulnerabilities impacting various products. ... Here is a compiled list of vulnerabilities that have been exploited (KEV) with their affected products. CVE ID Affected Products; Highest EPSS? Here is a compiled list of vulnerabilities sorted by their Exploitability Subscore (EPSS), starting from the ...
3 days ago
CISA Alerts on Actively Exploited Linux Kernel Out-of ... - GBHackers
 · CVE-2024-53150: Linux Kernel Out-of-Bounds Read Vulnerability The second vulnerability, CVE-2024-53150, involves an out-of-bounds read issue in the same USB-audio driver. Unlike CVE-2024-53197, this flaw is exploitable by a local, privileged attacker who could leverage it to obtain potentially sensitive information, such as system memory details or user credentials.
Apr 10, 2025
Stay Informed on the Newest Security Vulnerabilities
 · These Linux kernel vulnerabilities, identified as CVE-2024-53197 and CVE-2024-53150, involve out-of-bounds access problems that malicious actors have already exploited. The implications are severe, potentially allowing attackers to bypass system security, manipulate data, or execute arbitrary code, putting your systems at significant risk.
Apr 10, 2025
Latest Published Vulnerabilities CVE - CVEFeed.io
 · Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. ... CVE-2024-36842.
2 days ago
12th Annual Edition of the BeyondTrust Microsoft - GlobeNewswire
 · Windows Server had 684 vulnerabilities in 2024; 43 were critical. Microsoft Office vulnerabilities nearly doubled from 2023, reaching 62 in 2024.
2 days ago
Database CVE, CWE, CISA KEV & Vulnerability Intelligence | CVE Find
 · CISA Known Exploited Vulnerabilities (KEV) is an initiative that identifies and publishes a list of known exploited vulnerabilities. ... (2024-07-16 00:00 +00:00) CWE, or Common Weakness Enumeration, is a comprehensive list and categorization of software weaknesses and vulnerabilities. It serves as a common language for describing software ...
3 days ago

Top 10 Security Vulnerabilities 2022

Understanding the OWASP Top 10 Vulnerabilities in 2022
 · Decoding the OWASP Top 10: What You Need to Know. Okay, so you've probably heard about the OWASP Top 10. It's like, a big deal in the world of web application security. Basically, it's a list that the Open Web Application Security Project (OWASP, get it?) puts out every few years, highlighting the most critical security risks for web apps.
5 days ago
Vulnerable and outdated components: An OWASP Top 10 risk
 · Using vulnerable or outdated software components remains one of the most widespread cybersecurity risks in modern web application development. It’s a key category in the OWASP Top 10 (A06:2021), highlighting the dangers of relying on third-party components that contain known security vulnerabilities or are no longer supported. Without clear ...
Apr 10, 2025
CVE Threat Database | Real-Time Security Insights
 · By monitoring newly disclosed vulnerabilities, security teams can proactively patch critical flaws, mitigate the risk of exploits, and safeguard critical infrastructures. Our curated list of the Top 10 Latest CVEs reflects real-time updates, ensuring you stay informed about newly released advisories across multiple vendors. Average CVSS Score ...
3 days ago
How To Perform A Web Application Penetration Test (Owasp Top 10)
 · 4. Exploiting OWASP Top 10 Vulnerabilities. The penetration tester then manually exploits vulnerabilities based on the OWASP Top 10 risks: Injection (SQL, NoSQL, OS Command Injection) – Attackers manipulate input fields to execute malicious queries. Broken Authentication – Weak authentication processes lead to credential theft and session ...
2 days ago
The Dark Side of AI: 10 Vulnerabilities You Shouldn’t Ignore (and How…
 · LLM05: Supply chain vulnerabilities. Using external components, such as pre-trained models or plugins, can introduce vulnerabilities. An unverified model could contain backdoors. Best practices: Verify the source of models and plugins. Perform security audits and dependency scans. Apply OWASP ASVS principles throughout the SDLC.
2 days ago
Top 10 Latest Security Threats in E-commerce and Their Solutions - Qualysec
 · 1. Payment Manipulation. Payment manipulations are now a severe cyber threat in e-commerce, where cybercriminals exploit vulnerabilities in payment processes to steal money or sensitive information. This type of threat occurs when hackers tamper with customer’s payment data. They redirect funds to their accounts or manipulate transaction details to deceive both customers and vendors.
5 days ago
Top 100 Cyber Security RSS Feeds - RSS Reader
 · The WebARX Security blog is a comprehensive source of expertise in web application security, offering critical insights into the protection of websites and online services. This blog covers everything from the latest security vulnerabilities and malware threats to best practices in web development and secure coding.
2 days ago
CVE-2022-49105 Common Vulnerabilities and Exposures - SUSE
 · Secure your Linux systems from CVE-2022-49105. Stay ahead of potential threats with the latest security updates from SUSE. ... CVE-2022-49105 Common Vulnerabilities and Exposures. Upstream information. CVE-2022-49105 at MITRE. Description In the Linux ...
3 days ago

Top 10 Most Exploited Vulnerabilities

Vulnerable and outdated components: An OWASP Top 10 risk
 · Using vulnerable or outdated software components remains one of the most widespread cybersecurity risks in modern web application development. It’s a key category in the OWASP Top 10 (A06:2021), highlighting the dangers of relying on third-party components that contain known security vulnerabilities or are no longer supported. Without clear ...
Apr 10, 2025
X-Force Threat Intelligence Index 2025 highlights attackers steal ... - IBM
 · In 2024, the top five infostealers alone had more than 8 million advertisements on the dark web. With each listing having the potential to contain hundreds of credentials within, the true number is undoubtedly much higher. ... In more than one-quarter of these cases, attackers successfully exploited a vulnerability to gain access to the victim ...
18 hours ago
2025 IBM X-Force Threat Index: UK Remains Most-Attacked Country in ...
 · Issues like the remote code execution vulnerability that IBM X-Force discovered in a framework for building AI agents will become more frequent. With adoption set to grow in 2025, so will the incentives for adversaries to develop specialized attack toolkits targeting AI, making it imperative that businesses secure the AI pipeline from the start , including the data, the model, the usage, and ...
18 hours ago
OWASP Top 10 Vulnerabilities 2025 | Website Cyber Security - Medium
📅 Published on April 10, 2025. By Agam Verma | Ethical Hacker & Security Researcher. When it comes to securing the modern web, OWASP’s Top 10 Vulnerabilities is still the go-to playbook ...
2025 IBM X-Force Threat Index: Large-Scale Credential Theft Escalates ...
 · In reviewing the common vulnerabilities and exposures (CVEs) most mentioned on dark web forums, IBM X-Force found that four out of the top ten have been linked to sophisticated threat actor groups, including nation-state adversaries, escalating the risk of disruption, espionage and financial extortion.
18 hours ago
Cybersecurity Weekly Recap: Top Cyber Attacks, Vulnerabilities & Data ...
 · Cybersecurity Weekly Recap: Top Cyber Attacks, Vulnerabilities & Data Breaches. Prasad G April 17, 2025; 11:06 am ...
18 hours ago
IBM releases 2025 X-Force Threat Intelligence Index
 · Critical infrastructure organizations accounted for 70% of all attacks that IBM X-Force responded to last year, with more than one quarter of these attacks caused by vulnerability exploitation. More cybercriminals opted to steal data (18%) than encrypt it (11%) as advanced detection technologies and increased law enforcement efforts pressure cybercriminals to adopt faster exit paths.
18 hours ago
Understanding the OWASP Top 10 Vulnerabilities in 2022
 · Decoding the OWASP Top 10: What You Need to Know. Okay, so you've probably heard about the OWASP Top 10. It's like, a big deal in the world of web application security. Basically, it's a list that the Open Web Application Security Project (OWASP, get it?) puts out every few years, highlighting the most critical security risks for web apps.
5 days ago

Top Cybersecurity Vulnerabilities 2023

Cyber Newsroom Feed - CVEFeed.io
 · The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
3 days ago
12th Annual Edition of the BeyondTrust Microsoft Vulnerabilities Report ...
 · BeyondTrust, the global cybersecurity leader protecting Paths to Privilege, today released its annual Microsoft Vulnerabilities Report, revealing a record-breaking number of reported Microsoft ...
1 day ago
2025 IBM X-Force Threat Index: UK Remains Most-Attacked Country in ...
 · In reviewing the common vulnerabilities and exposures (CVEs) most mentioned on dark web forums, IBM X-Force found that four out of the top ten have been linked to sophisticated threat actor groups, including nation-state adversaries, escalating the risk of disruption, espionage and financial extortion.
18 hours ago
Latest News - SecurityWeek
 · SonicWall Patches High-Severity Vulnerability in NetExtender SonicWall has released fixes for three vulnerabilities in NetExtender for Windows, including a high-severity bug.
3 days ago
Updates | CSRC
 · News and Updates from NIST's Computer Security and Applied Cybersecurity Divisions.
Apr 10, 2025
Vulnerability Trends - Vulmon
 · Stay updated with the latest CVE trends. Monitor trends and protect your systems effectively with this comprehensive data.
4 days ago
Latest Cyber Security & Tech News | Cybernews
Stay updated with the latest cyber security and tech news on Cybernews.
Cyber Security News Today | Articles on Cyber Security, Malware Attack ...
 · Cyber News - Check out top news and articles about cyber security, malware attack updates and more at Cyware.com. Our machine learning based curation engine brings you the top and relevant cyber security content. Read More!
Apr 10, 2025

Top Vulnerabilities Hackers Exploit 2023

Hackers Exploit Critical Windows NTLM Spoofing Vulnerability
 · This security vulnerability (tracked as CVE-2025-24054) allows hackers to disclose NTLM hashes through spoofing. It could enable attackers to leak NTLMv2-SSP hashes or user passwords to ...
18 hours ago
MITRE Hackers’ Backdoor Has Targeted Windows for Years
 · To hack MITRE, a Chinese APT tracked as UNC5221 exploited two zero-day vulnerabilities in an Ivanti Connect Secure VPN as early as December 31, 2023, following up with fingerprinting on January 4, 2024, and lateral movement and malware deployment in the next few days.
18 hours ago
Over 14K Fortinet devices compromised via new attack method
 · Dive Brief: The Shadowserver Foundation reported Saturday that more than 14,000 Fortinet devices across the globe have been compromised by a threat actor that exploited known vulnerabilities and deployed a symlink-based persistence mechanism. In a blog post last week, Fortinet warned that a threat actor had used older critical vulnerabilities, including CVE-2022-42475, CVE-2023-27997 and CVE ...
3 days ago
⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked ...
 · The attacks exploit an information disclosure vulnerability (no CVE) that can be used to gain administrative control over affected systems. The surge in attacks began on March 31, 2025, with over 6,600 unique IP addresses, mainly from Taiwan, Japan, and South Korea, targeting systems located in the United States, United Kingdom, and Germany, attempting to exploit the flaw over the past 30 days.
3 days ago
Fortinet Warns Attackers Retain FortiGate Access Post ... - The Hacker News
 · The attackers are believed to have leveraged known and now-patched security flaws, including, but not limited to, CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762. "A threat actor used a known vulnerability to implement read-only access to vulnerable FortiGate devices," the network security company said in an advisory released Thursday. "This ...
6 days ago
14,000 Fortinet firewalls compromised: Attackers nestle in
 · The specific cases investigated involved vulnerabilities in FortiOS SSL VPN (CVE-2022-42475, CVSS 9.3, risk “critical”), FortiOS and FortiProxy SSL VPN (CVE-2023-27997, CVSS 9.2, risk ...
2 days ago
Hackers lurk in over 14K Fortinet devices | Cybernews
 · Hackers retain access to over 14,000 Fortinet VPNs, public scans by Shadowserver Foundation have revealed. ... Many Fortinet administrators have yet to patch devices to another critical authentication bypass vulnerability (CVE-2024-55591), which has a severity rating of 9.8 out of 10. It was disclosed and fixed on January 14th, 2025 ...
3 days ago
X-Force Threat Intelligence Index 2025 highlights attackers steal ... - IBM
 · While large-scale attacks on AI technologies haven’t materialized yet, security researchers are racing to stay ahead, identifying and fixing vulnerabilities before threat actors can exploit them. Issues like the remote code execution vulnerability that X-Force found in a framework for building AI agents will become more frequent, and where weaknesses exist, attackers will follow.
18 hours ago

Most Frequently Exploited Vulnerabilities

2025 IBM X-Force Threat Index: Large-Scale Credential Theft Escalates ...
 · In reviewing the common vulnerabilities and exposures (CVEs) most mentioned on dark web forums, IBM X-Force found that four out of the top ten have been linked to sophisticated threat actor groups, including nation-state adversaries, escalating the risk of disruption, espionage and financial extortion.
18 hours ago
Cybersecurity Weekly Recap: Top Cyber Attacks, Vulnerabilities & Data ...
 · This weekly recap provides an analytical overview of the most impactful cyber attacks, vulnerabilities, and strategic developments, highlighting key insights and actionable recommendations for security teams.
18 hours ago
Identity-based attacks lead the charge - IT-Online
 · In 2024, threat actors prioritised stealth and efficiency, leveraging simpler techniques rather than custom malware or zero-day vulnerabilities. Notably, identity-based attacks emerged as the dominant threat vector, while ransomware incidents increasingly exploited valid credentials to gain access. These are among the top-level findings from the Cisco Talos 2024 Year in Review, that shares ...
1 day ago
Top five most common network vulnerabilities - Advania
 · These vulnerabilities can be exploited by cyber criminals to gain unauthorised access, steal sensitive information, or disrupt operations. Find a comprehensive overview of the most common network vulnerabilities, with valuable information and practical advice to enhance your organisation’s security posture. What is a network vulnerability?
1 day ago
Threat actors thrive in chaos - blog.talosintelligence.com
 · Martin delves into how threat actors exploit chaos, offering insights from Talos' 2024 Year in Review on how to fortify defenses against evolving email lures and frequently targeted vulnerabilities, even amidst economic disruption.
Apr 10, 2025
Remote access tools most frequently targeted as ransomware entry points
 · Supply chain risk via third-party vendors increased sharply last year, according to a report by At-Bay.
6 days ago
Remote access tools most frequently targeted as ransomware entry points
 · The At-Bay report shows how some very familiar security tools are being exploited to launch highly disruptive attacks on businesses. VPNs and remote access tools have been used to help workers gain secure access to their corporate networks from remote locations.
6 days ago
Blockchain Future at Risk: Emerging Cyber Threats in 2025 & Beyond
 · Enhanced Key Management: Implementing multi-signature wallets and hardware security modules can reduce the risk of private key compromises. Regular Security Audits: Conducting frequent audits of smart contracts and platform code can identify and rectify vulnerabilities before they are exploited.
3 days ago