Tag

Exploitation

All articles tagged with #exploitation

security7 days ago•2 min saved

CISA Flags Four Actively Exploited Flaws in KEV Update and Urges Patch

CISA added four flaws to the Known Exploited Vulnerabilities catalog due to active exploitation: CVE-2026-2441 (Chrome use-after-free), CVE-2024-7694 (TeamT5 ThreatSonar Anti-Ransomware arbitrary file upload leading to command execution), CVE-2020-7796 (Zimbra Collaboration Server SSRF), and CVE-2008-0015 (Windows Video ActiveX buffer overflow). Google confirms an in-the-wild exploit for CVE-2026-2441; GreyNoise documents about 400 IPs exploiting CVE-2020-7796 across several countries; the CVE-2008-0015 exploit can download additional malware like Dogkild and alter system files/hosts. The TeamT5 exploitation vector remains unclear. Federal agencies are urged to patch by March 10, 2026.

via The Hacker News|

#cisa #exploitation #kev

world9 days ago•1 min saved

Northern Sweden husband accused of pimping wife to about 120 men

A man in his 60s from northern Sweden is suspected of exploiting his wife by selling sex with her to at least 120 men; in custody since October, he faces aggravated procuring charges, while two men who bought sex from the wife have already been charged and more are likely; Swedish law criminalizes buying sex and procuring it, with sellers treated as exploited; indictment against the husband is set for March 13 and the trial will follow.

via AP News|

#aggravated-procuring #exploitation #note-avoid-duplicate

security1 month ago•1 min saved

CISA Flags VMware vCenter RCE Flaw CVE-2024-37079 as Actively Exploited

CISA added CVE-2024-37079, a critical heap-overflow flaw in Broadcom VMware vCenter Server, to the KEV catalog after evidence of active exploitation; Broadcom patched CVE-2024-37079 (and CVE-2024-37080) in June 2024, with researchers Hao Zheng and Zibo Li linking related DCE/RPC flaws; a Black Hat Asia 2025 presentation notes two additional CVEs (CVE-2024-38812/38813) patched later, and federal agencies must upgrade to the latest version by Feb 13, 2026 to stay protected.

via The Hacker News|

#cisa #cve-2024-37079 #exploitation

cybersecurity1 month ago•3 min saved

CISA warns four enterprise flaws actively exploited across Versa, Zimbra, Vite, and Prettier

CISA has added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2025-31125 and CVE-2025-34026 affecting Versa software (including the Concerto SD-WAN) via dev-exposure and Traefik misconfig, CVE-2025-68645 in Zimbra Webmail Classic UI (local file inclusion), and a supply-chain issue in eslint-config-prettier (CVE-2025-54313) tied to Prettier. Patches or mitigations exist for affected products; US federal agencies must apply updates or stop using the products by February 12, 2026. The status of ransomware-related exploitation remains unknown.

via BleepingComputer|

#cisa #cybersecurity #enterprise-software

network-security2 months ago•2 min saved

WatchGuard Fireware OS VPN and Firewall Vulnerabilities Under Active Exploitation

WatchGuard has issued patches for a critical VPN security flaw in Fireware OS (CVE-2025-14733) that is actively being exploited in the wild, affecting multiple versions and configurations. Threat actors are targeting affected devices, with indicators of compromise provided. Users are urged to update their systems immediately and follow mitigation steps to prevent exploitation.

via The Hacker News|

#cve-2025-14733 #exploitation #fireware-os

world2 months ago•16 min saved

Few Farms Join Program to Prevent Farmworker Exploitation

The article discusses the persistent exploitation of farmworkers in the U.S. and highlights the potential of the Fair Food Program, which has improved conditions for workers on participating farms like Pacific Tomato Growers. Despite its success, most farms resist joining due to costs and industry opposition, limiting the program's reach and impact on farmworker rights.

via ProPublica|

#agriculture #exploitation #fair-food-program

cybersecurity2 months ago•3 min saved

CISA Adds OpenPLC ScadaBR XSS Vulnerability to KEV Amid Exploits

CISA has added the actively exploited CVE-2021-26829 XSS vulnerability in OpenPLC ScadaBR to its KEV catalog, highlighting ongoing threats from hacktivist groups like TwoNet, which exploited this flaw in a honeypot to deface a system. The attack involved using default credentials and web application layer exploits, with federal agencies required to patch by December 19, 2025. Additionally, a long-running exploit operation targeting Brazil has been observed, utilizing legitimate cloud infrastructure to evade detection.

via The Hacker News|

#cisa #cve-2021-26829 #cybersecurity

security4 months ago•4 min saved

Microsoft WSUS Vulnerability Under Active Attack, Urgent Updates Issued

A critical vulnerability in Windows Server Update Services (WSUS), tracked as CVE-2025-59287, is actively exploited by threat actors across multiple organizations, despite Microsoft releasing an emergency patch. The flaw allows unauthenticated remote code execution, and attackers are conducting reconnaissance and data exfiltration, posing a significant risk to affected servers. Experts warn that the vulnerability's ease of exploitation and the patch's incomplete fix increase the threat landscape, urging organizations to apply updates promptly.

via theregister.com|

#cve-2025-59287 #cybersecurity #exploitation

security4 months ago•3 min saved

Active Exploitation of Critical Windows Server WSUS Vulnerability Prompts Urgent Patch

A critical vulnerability in Microsoft Windows Server Update Services (WSUS), tracked as CVE-2025-59287, has been exploited by attackers shortly after an emergency patch was issued. The flaw allows remote code execution and affects Windows Server versions 2012-2025. Despite Microsoft releasing a fix, security researchers warn that the patch may not fully mitigate the risk, and exploitation activity has been observed, especially targeting exposed WSUS instances. Experts advise organizations to ensure their systems are properly patched and not exposed to the internet to prevent compromise.

via theregister.com|

#cve-2025-59287 #exploitation #patch-update

commentary4 months ago•9 min saved

The Hidden Dangers of Neighborly Relations and Lessons Learned

Netflix's documentary 'The Perfect Neighbor' highlights a tragic incident involving police footage and the suffering of children, raising concerns about the exploitation of trauma and the ethical boundaries of true crime storytelling.

via Salon.com|

#commentary #exploitation #netflix

cybersecurity4 months ago•2 min saved

Microsoft Warns of Ransomware Attacks Exploiting Critical GoAnywhere Bug

A critical vulnerability in Fortra's GoAnywhere MFT (CVE-2025-10035) has been exploited by the cybercrime group Storm-1175 in Medusa ransomware attacks since September 2025, leading to widespread compromises and urging organizations to update their systems to prevent further damage.

via BleepingComputer|

#cve-2025-10035 #cybersecurity #exploitation

technology5 months ago•2 min saved

Active Exploitation of Cisco IOS Zero-Day Vulnerability Affects Up to 2 Million Devices

Cisco has disclosed a actively exploited zero-day vulnerability (CVE-2025-20352) in its IOS and IOS XE software, affecting SNMP protocols and allowing remote code execution or DoS attacks. The flaw, rooted in a stack overflow, impacts all versions with SNMP enabled and has been exploited in the wild after attackers compromised administrator credentials. Cisco recommends immediate software updates and offers mitigation strategies, emphasizing the importance of strong credential management and restricted SNMP access.

via Cyber Security News|

#0day #cisco #exploitation

technology5 months ago•4 min saved

Meta Faces Backlash Over Use of Schoolgirl Photos in Ads

Meta used publicly posted photos of schoolgirls in their teens to promote its platform Threads, targeting adult users, which has sparked outrage among parents and privacy advocates due to concerns over exploitation and inappropriate targeting. Meta claims the images did not violate policies and were used as part of recommendation tools, but critics argue this practice is highly inappropriate and risky for children's safety.

via The Guardian|

#advertising #childrens-privacy #exploitation

world5 months ago•2 min saved

Dubai 'Porta Potty Parties' Uncover Sex Trafficking and Exploitation Scandal

A young woman revealed her traumatic experience of being forced to attend 'porta-potty' parties in Dubai, where she was pressured into performing humiliating and disturbing acts involving bodily fluids, with allegations of exploitation, poor living conditions, and police indifference. The case has garnered attention amid broader concerns about abuse and trafficking in the region, though many details remain unverified.

via The Tab|

#dubai #exploitation #human-rights

world5 months ago•4 min saved

Exposé on Dubai 'porta potty' sex parties and trafficking ring

A BBC investigation reveals disturbing stories of women trafficked to Dubai under false pretenses, forced into prostitution, subjected to degrading acts including 'porta potty' parties, and facing racial discrimination, with some women falling to their deaths amid ongoing investigations.

via LADbible|

#bbc-investigation #dubai #exploitation