Security News

CrushFTP CEO's feisty response to VulnCheck's CVE for critical make-me-admin bug
2025-03-27 13:20

Screenshot shows company head unhappy, claiming 'real CVE is pending' CrushFTP's CEO is not happy with VulnCheck after the CVE numbering authority (CNA) released an unofficial ID for the critical...

CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)
2025-03-27 11:12

CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access vulnerable...

Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
2025-03-24 18:55

A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500...

Critical flaw in Next.js lets hackers bypass authorization
2025-03-24 16:15

A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. [...]

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)
2025-03-24 13:07

A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web pages they should no...

Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks
2025-03-24 09:17

A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked...

UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools
2025-03-21 13:54

Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023. "UAT-5918, a threat actor believed to be...

10 Critical Network Pentest Findings IT Teams Overlook
2025-03-21 11:01

After conducting over 10,000 automated internal network penetration tests last year, vPenTest has uncovered a troubling reality that many businesses still have critical security gaps that...

Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility
2025-03-21 05:09

Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center. The two critical-rated vulnerabilities in...

Critical Cisco Smart Licensing Utility flaws now exploited in attacks
2025-03-20 19:05

Attackers have started targeting Cisco Smart Licensing Utility (CSLU) instances unpatched against a vulnerability exposing a built-in backdoor admin account. [...]