Published on: 2025-06-29 17:13:19
On Thursday, CISA warned U.S. federal agencies to secure their systems against ongoing attacks exploiting a high-severity vulnerability in the Chrome web browser. Solidlab security researcher Vsevolod Kokorin discovered the flaw (CVE-2025-4664) and shared technical details online on May 5th. Google released security updates to patch it on Wednesday. As Kokorin explained, the vulnerability is due to insufficient policy enforcement in Google Chrome's Loader component, and successful exploitation
Keywords: attacks chrome day exploited google
Find related items on AmazonPublished on: 2025-07-06 01:56:57
Today is Microsoft's May 2025 Patch Tuesday, which includes security updates for 72 flaws, including five actively exploited and two publicly disclosed zero-day vulnerabilities. This Patch Tuesday also fixes six "Critical" vulnerabilities, five being remote code execution vulnerabilities and another an information disclosure bug. The number of bugs in each vulnerability category is listed below: 17 Elevation of Privilege Vulnerabilities 2 Security Feature Bypass Vulnerabilities 28 Remote Co
Keywords: 2025 exploited microsoft privileges vulnerability
Find related items on AmazonPublished on: 2025-07-23 16:23:53
Cybersecurity company SonicWall has warned customers that several vulnerabilities impacting its Secure Mobile Access (SMA) appliances are now being actively exploited in attacks. On Tuesday, SonicWall updated security advisories for the CVE-2023-44221 and CVE-2024-38475 security flaws to tag the two vulnerabilities as "potentially being exploited in the wild." CVE-2023-44221 is described as a high-severity command injection vulnerability caused by improper neutralization of special elements i
Keywords: cve exploited security sma sonicwall
Find related items on AmazonPublished on: 2025-07-26 09:23:53
Cybersecurity company SonicWall has warned customers that several vulnerabilities impacting its Secure Mobile Access (SMA) appliances are now being actively exploited in attacks. On Tuesday, SonicWall updated security advisories for the CVE-2023-44221 and CVE-2024-38475 security flaws to tag the two vulnerabilities as "potentially being exploited in the wild." CVE-2023-44221 is described as a high-severity command injection vulnerability caused by improper neutralization of special elements i
Keywords: cve exploited security sma sonicwall
Find related items on AmazonPublished on: 2025-07-28 21:53:39
Last year was big for zero-day exploits, security threats that appear in the wild before vendors have a chance to develop patches. Through its sprawling network of services and research initiatives, Google is the first to spot many of these threats. In a new report from the Google Threat Intelligence Group (GTIG), the company reveals it detected 75 zero-day exploits in 2024, which is a bit lower than the previous year. Unsurprisingly, a sizable chunk of them were the work of state-sponsored hack
Keywords: 2024 day exploits google zero
Find related items on AmazonPublished on: 2025-07-29 01:00:00
Google's Threat Intelligence Group (GTIG) says attackers exploited 75 zero-day vulnerabilities in the wild last year, over 50% of which were linked to spyware attacks. These numbers are down from 97 zero-days in 2023 but up from 63 in 2022, which GTIG analysts attributed to year-to-year swings reflecting expected variation within an upward trajectory for attacks exploiting zero-days, which the company defines as vulnerabilities exploited in the wild before vendors release patches. They noted t
Keywords: day days exploitation exploited zero
Find related items on AmazonPublished on: 2025-07-29 05:15:36
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients vulnerabilities that are actively exploited in attacks. The flaws were added yesterday to CISA's 'Known Exploited Vulnerabilities' (KEV) catalog, with the Broadcom Brocade Fabric OS and Commvault flaws not previously tagged as exploited. Broadcom Brocade Fabric OS is a specialized operating system that runs on the company's Brocade Fi
Keywords: 2025 broadcom exploited fabric os
Find related items on AmazonPublished on: 2025-07-29 21:00:00
Hackers working for governments were responsible for the majority of attributed zero-day exploits used in real-world cyberattacks last year, per new research from Google. Google’s report said that the number of zero-day exploits — referring to security flaws that were unknown to the software makers at the time hackers abused them — had dropped from 98 exploits in 2023 to 75 exploits in 2024. But the report noted that of the proportion of zero-days that Google could attribute — meaning identifyi
Keywords: day exploits google hackers zero
Find related items on AmazonPublished on: 2025-07-28 22:01:48
SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers. The vulnerability, tracked under CVE-2025-31324 and rated critical (CVSS v3 score: 10.0), is an unauthenticated file upload vulnerability in SAP NetWeaver Visual Composer, specifically the Metadata Uploader component. It allows attackers to upload malicious executable files without logging in, potentially leading to remote code execution an
Keywords: 2025 code cve exploitation sap
Find related items on AmazonPublished on: 2025-08-02 17:01:48
SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers. The vulnerability, tracked under CVE-2025-31324 and rated critical (CVSS v3 score: 10.0), is an unauthenticated file upload vulnerability in SAP NetWeaver Visual Composer, specifically the Metadata Uploader component. It allows attackers to upload malicious executable files without needing to log in, potentially leading to remote code execu
Keywords: 2025 code cve exploitation sap
Find related items on AmazonPublished on: 2025-08-11 23:05:15
Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices. Researchers at the Ruhr University Bochum in Germany disclosed the flaw on Wednesday, warning that all devices running the daemon were vulnerable. "The issue is caused by a flaw in the SSH protocol message handling which allows an attacker to send connection protocol messages prior to authentication," reads a d
Keywords: devices erlang exploits otp ssh
Find related items on AmazonPublished on: 2025-08-13 17:02:08
A remote code execution vulnerability affecting SonicWall Secure Mobile Access (SMA) appliances has been under active exploitation since at least January 2025, according to cybersecurity company Arctic Wolf. This security flaw (CVE-2021-20035) impacts SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v devices and was patched almost four years ago, in September 2021, when SonicWall said it could only be exploited to take down vulnerable appliances in denial-of-service (DoS) attacks. However, the
Keywords: appliances attacks exploited sma sonicwall
Find related items on AmazonPublished on: 2025-08-16 19:54:30
On Wednesday, CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability. Tracked as CVE-2021-20035, this security flaw impacts SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v (ESX, KVM, AWS, Azure) devices. Successful exploitation can allow remote threat actors with low privileges to execute arbitrary code in low-complexity attacks. "Improper neutralization of special e
Keywords: attacks exploited sma sonicwall vulnerability
Find related items on AmazonPublished on: 2025-08-26 17:11:22
Hackers started exploiting a high-severity flaw that allows bypassing authentication in the OttoKit (formerly SureTriggers) plugin for WordPress just hours after public disclosure. Users are strongly recommended to upgrade to the latest version of OttoKit/SureTriggers, currently 1.0.79, released at the beginning of the month. The OttoKit WordPress plugin allows users to connect plugins and external tools like WooCommerce, Mailchimp, and Google Sheets, automate tasks like sending emails and add
Keywords: authentication exploitation flaw ottokit plugin
Find related items on AmazonPublished on: 2025-08-31 17:50:45
Today is Microsoft's April 2025 Patch Tuesday, which includes security updates for 134 flaws, including one actively exploited zero-day vulnerability. This Patch Tuesday also fixes eleven "Critical" vulnerabilities, all remote code execution vulnerabilities. The number of bugs in each vulnerability category is listed below: 49 Elevation of Privilege Vulnerabilities 9 Security Feature Bypass Vulnerabilities 31 Remote Code Execution Vulnerabilities 17 Information Disclosure Vulnerabilities
Keywords: exploited microsoft updates vulnerabilities windows
Find related items on AmazonPublished on: 2025-08-31 21:21:58
Meta warned Windows users to update the WhatsApp messaging app to the latest version to patch a vulnerability that can let attackers execute malicious code on their devices. Described as a spoofing issue and tracked as CVE-2025-30401, this security flaw can be exploited by attackers by sending maliciously crafted files with altered file types to potential targets. Meta says the vulnerability impacted all WhatsApp versions and has been fixed with the release of WhatsApp 2.2450.6. "A spoofing i
Keywords: exploited security spyware whatsapp zero
Find related items on AmazonPublished on: 2025-09-01 01:33:42
A significant spike in exploitation attempts targeting TVT NVMS9000 DVRs has been detected, peaking on April 3, 2025, with over 2,500 unique IPs scanning for vulnerable devices. The attacks attempt to exploit an information disclosure vulnerability first disclosed by an SSD Advisory in May 2024, which published the full exploitation details on retrieving admin credentials in cleartext using a single TCP payload. The exploitation results in an authentication bypass, allowing attackers to execut
Keywords: devices dvr dvrs exploitation greynoise
Find related items on AmazonPublished on: 2025-09-03 23:47:21
How to start? Download and run. To exploit Glamorous Toolkit, you have to program it. To learn how to program it, first learn how to learn inside the environment. Then pick a problem you care about and work your way through it.
Keywords: care environment exploit learn program
Find related items on AmazonPublished on: 2025-09-18 21:29:27
A new report sheds light on the most targeted WordPress plugin vulnerabilities hackers used in the first quarter of 2025 to compromise sites. All four flaws are vulnerabilities discovered and fixed in 2024 but remain unpatched in many cases, giving hackers the opportunity to execute arbitrary code or exfiltrate sensitive data. Among the four flaws, which are all critical severity, are two that are reported as actively exploited for the first time. According to a new Patchstack report, the fou
Keywords: 000 2024 exploitation fixed patchstack
Find related items on AmazonPublished on: 2025-09-22 06:42:48
Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser's sandbox and deploy malware in espionage attacks targeting Russian organizations. "Google is aware of reports that an exploit for CVE-2025-2783 exists in the wild," the company said in a security advisory published Tuesday. Tracked as CVE-2025-2783, this vulnerability was discovered by Kaspersky's Boris Larin and Igor Kuznetsov, who described it as an "incorrect handle provided in unspecified circu
Keywords: 2025 2783 attacks exploited kaspersky
Find related items on AmazonPublished on: 2025-09-28 04:05:00
Operation Zero, a company that acquires and sells zero-days exclusively to the Russian government and local Russian companies, announced on Thursday that it’s looking for exploits for the popular messaging app Telegram, and is willing to offer up to $4 million for them. The exploit broker is offering up to $500,000 for a “one-click” remote code execution (RCE) exploit; up to $1.5 million for a zero-click RCE exploit; and up to $4 million for a “full chain” of exploits, presumably referring to a
Keywords: exploit government operation telegram zero
Find related items on AmazonPublished on: 2025-09-29 04:13:01
CISA has warned U.S. federal agencies to secure their networks against attacks exploiting a high-severity vulnerability in NAKIVO's Backup & Replication software. Tracked as CVE-2024-48248, this absolute path traversal flaw can be exploited by unauthenticated attackers to read arbitrary files on vulnerable devices. The US-based backup and ransomware recovery software vendor silently patched the security flaw with the release of Backup & Replication v11.0.0.88174 in November, almost two months
Keywords: attacks exploited nakivo security vulnerability
Find related items on AmazonPublished on: 2025-10-15 20:45:15
Today is Microsoft's March 2025 Patch Tuesday, which includes security updates for 57 flaws, including six actively exploited zero-day vulnerabilities. This Patch Tuesday also fixes three "Critical" vulnerabilities, all remote code execution vulnerabilities. The number of bugs in each vulnerability category is listed below: 23 Elevation of Privilege Vulnerabilities 3 Security Feature Bypass Vulnerabilities 23 Remote Code Execution Vulnerabilities 4 Information Disclosure Vulnerabilities 1
Keywords: code exploited flaw microsoft vulnerability
Find related items on AmazonPublished on: 2025-10-16 03:26:58
Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. Tracked as CVE-2024-4577, this PHP-CGI argument injection flaw was patched in June 2024 and affects Windows PHP installations with PHP running in CGI mode. Successful exploitation enables unauthenticated attackers to execute arbitrary code and leads to complete system compromise following successful exploitation. A day after PHP mainta
Keywords: 2024 cve exploitation greynoise php
Find related items on AmazonPublished on: 2025-10-30 10:51:14
CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems. While the cybersecurity agency has tagged these flaws as actively exploited in the wild, it has yet to provide specific details regarding this malicious activity and who is behind it. The first flaw (tracked as CVE-2023-20118) enables attackers to execute arbitrary commands on RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers. While it requires valid admi
Keywords: cisa cve exploited security vulnerabilities
Find related items on AmazonPublished on: 2025-11-02 02:27:18
Serbian authorities have reportedly used an Android zero-day exploit chain developed by Cellebrite to unlock the device of a student activist in the country and attempt to install spyware. Cellebrite is an Israeli digital forensics company that develops tools used by law enforcement, intelligence agencies, and private companies to extract data from smartphones and other digital devices. Companies like Cellebrite commonly utilize zero-day exploits to access and extract data usually protected on
Keywords: 2024 android cve exploit usb
Find related items on AmazonPublished on: 2025-11-02 17:41:00
Belgium is investigating an alleged data breach of its state security service (VSSE) by Chinese government hackers. In a statement sent to TechCrunch on Friday, the Belgian federal prosecutor’s office said an investigation into a cyberattack was opened in November 2023 after it learned about the alleged breach. This confirms an earlier report by the French-language Belgian newspaper Le Soir, which reported that a Chinese hacking group gained access to the external mail server of the intelligen
Keywords: 2023 barracuda exploited vsse vulnerability
Find related items on AmazonPublished on: 2025-11-04 15:14:51
Eric Zeman / Android Authority TL;DR A flaw in Apple’s Find My network can be exploited to track the location of any Bluetooth device. It lets hackers trick the network into thinking an Android phone or gaming console is an AirTag and then pinpoint its location to within 10 feet. The exploit doesn’t require administrator privileges and works on Bluetooth devices running Linux, Android, or Windows, Smart TVs, gaming consoles, and VR headsets. Apple’s Find My network makes it easy for users to
Keywords: apple bluetooth device exploit network
Find related items on AmazonPublished on: 2025-11-07 18:48:50
Two different exploits for an unpatched Parallels Desktop privilege elevation vulnerability have been publicly disclosed, allowing users to gain root access on impacted Mac devices. Parallels Desktop is a virtualization software that allows Mac users to run Windows, Linux, and other operating systems alongside macOS. It is very popular among developers, businesses, and casual users who need Windows applications on their Macs without rebooting. Security researcher Mickey Jin published the explo
Keywords: desktop exploit jin parallels root
Find related items on AmazonGo K’awiil is a project by nerdhub.co that curates technology news from a variety of trusted sources. We built this site because, although news aggregation is incredibly useful, many platforms are cluttered with intrusive ads and heavy JavaScript that can make mobile browsing a hassle. By hand-selecting our favorite tech news outlets, we’ve created a cleaner, more mobile-friendly experience.
Your privacy is important to us. Go K’awiil does not use analytics tools such as Facebook Pixel or Google Analytics. The only tracking occurs through affiliate links to amazon.com, which are tagged with our Amazon affiliate code, helping us earn a small commission.
We are not currently offering ad space. However, if you’re interested in advertising with us, please get in touch at [email protected] and we’ll be happy to review your submission.