Tag: exploits
21 articles

Russian Hackers Target Network Devices With Exploits
Russian hackers, linked to the Federal Security Service's Center 16, have been actively targeting critical US and foreign networks across multiple sectors, including defense, energy, and healthcare, for over a decade. This ongoing threat has compromised networks in various industries, posing significant risks to national security and global stability.

BitLocker Zero-Day Exposes Windows Drives to Unauthorized Access
A security researcher, Chaotic Eclipse, has dropped a bombshell by releasing proof-of-concept code for two unpatched Windows vulnerabilities, citing frustration with Microsoft's handling of previous bug reports. This move exposes Windows drives to unauthorized access, even with TPM+PIN protection in place.

Microsoft Defender Zero-Days Exploited in Active Attacks
Microsoft's top security tool, Defender, has been turned against itself: hackers are exploiting three newly discovered flaws to gain elevated access to already compromised systems, forcing a major rethink of what we thought was safe. This alarming development has defenders, users, and policymakers scrambling to reassess their security assumptions.

Threat Actors Ramp Up ToolShell Exploits: Exclusive Danger
Threat actors are rapidly escalating ToolShell exploits — discover what’s changing, why it matters, and the simple steps you can take to stay protected.

Chrome 0-day Emergency: Must-Fix for Risky Flaw
Google just pushed an emergency Chrome patch for a high‑severity zero‑day being actively exploited — please check your Chrome version and update now. This is the latest in a string of browser flaws that remind users and admins alike to stay vigilant and tighten protections.

PromptFix attacks: Must-Have Defenses vs Risky Threats
Researchers warn of a new PromptFix attack that hijacks the prompts and data feeding agentic AIs, letting attackers steer, confuse, or corrupt assistants without touching the underlying models. As these agents enter everyday tools, layered protections like provenance checks, least‑privilege actions, and better monitoring are essential to keep them safe.

Kerberos zero-day: Critical Emergency Fix You Must Apply
Microsoft’s August 2025 Patch Tuesday includes a publicly known Kerberos zero‑day—apply the update and prioritize domain controllers now to stop attackers from forging tickets or escalating privileges. Also tighten MFA and monitoring while patches roll out to reduce your exposure.

Cybersecurity vulnerabilities: Must-Have Best Practices
This week’s roundup uncovers alarming flaws—from a critical SharePoint bug that can expose entire orgs to a Chrome exploit that makes ordinary browsing risky—showing attackers now target overlooked misconfigurations as much as flashy zero-days. Stay ahead by prioritizing patching, hardening defaults, and boosting monitoring to keep your data safe.

SharePoint zero-day: Must-Have Fixes for Critical Risk
A critical SharePoint zero-day has surfaced that can let attackers move from a foothold to full data theft—here’s what to patch, harden, and monitor now to stop it. With simple fixes like prompt updates, stricter configs, MFA, and better logging, you can turn a risky platform back into a safe collaboration tool.

4 Critical Vulnerabilities Added to KEV Catalog for Immediate Review
Four critical vulnerabilities have just been added to CISA’s KEV Catalog—actively exploited risks that demand your immediate attention to protect your systems from serious cyber threats.

CitrixBleed 2 Exploits Emerge: Security Researchers Sound the Alarm
New CitrixBleed 2 exploits have been discovered, prompting security researchers to warn users about potential vulnerabilities and data risks.

Citrix Issues Urgent Patches for CVE-2025-6543 Vulnerability in NetScaler ADC
Citrix releases urgent patches for CVE-2025-6543 vulnerability in NetScaler ADC, addressing critical security risks for users.

Experts Caution Against ‘Living off AI’ Attacks Following Atlassian AI Agent Protocol Exploits
Experts warn against ‘living off AI’ attacks after Atlassian AI agent protocol exploits, emphasizing the need for enhanced security measures.

CISA Advised to Expand KEV Catalog with Enhanced Contextual Insights
CISA recommends expanding the KEV catalog with enhanced contextual insights to bolster threat identification and strengthen cybersecurity.

Hackers earn $1,078,750 for 28 zero-days at Pwn2Own Berlin
Hackers earned $1,078,750 for exploiting 28 zero-days at Pwn2Own Berlin, exposing critical vulnerabilities and pushing cybersecurity boundaries.

Apple patched one first, but Microsoft’s blasted five exploited flaws this Pa-Tu
Apple patched one flaw swiftly, but Microsoft’s five exploited vulnerabilities in a recent Pa-Tu incident raised serious security alarms.

Linux Under Siege as Hackers Experiment with ClickFix Exploits
Linux under siege: Hackers exploit ClickFix vulnerabilities to breach systems, sparking urgent calls for enhanced security patches.

OttoKit WordPress Plugin with 100K+ Installs Hit by Exploits Targeting Multiple Flaws
OttoKit WordPress Plugin with 100K+ installs hit by exploits targeting multiple flaws. Update now to secure your site.

Cybersecurity Weekly: SAP Exploits, AI-Driven Phishing, Data Breaches & New CVEs
Cybersecurity Weekly exposes SAP exploits, AI-powered phishing, data breaches & new CVEs—your concise update for staying secure.

Cybersecurity Weekly Update: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More
Cybersecurity Weekly Update: iOS zero-days, 4Chan breach, NTLM exploits & WhatsApp spyware insights. Stay informed on emerging threats.

THN Weekly Update: iOS Vulnerabilities, 4Chan Breach, NTLM Exploits, WhatsApp Spyware, and More
Stay informed with THN Weekly Update: Explore iOS vulnerabilities, 4Chan breach, NTLM exploits, WhatsApp spyware, and more cybersecurity insights.