Security News

CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)
2025-03-27 11:12

CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access vulnerable...

Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
2025-03-24 18:55

A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500...

Critical flaw in Next.js lets hackers bypass authorization
2025-03-24 16:15

A critical severity vulnerability has been discovered in the Next.js open-source web development framework, potentially allowing attackers to bypass authorization checks. [...]

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927)
2025-03-24 13:07

A critical vulnerability (CVE-2025-29927) in the open source Next.js framework can be exploited by attackers to bypass authorization checks and gain unauthorized access to web pages they should no...

Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks
2025-03-24 09:17

A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked...

UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools
2025-03-21 13:54

Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023. "UAT-5918, a threat actor believed to be...

10 Critical Network Pentest Findings IT Teams Overlook
2025-03-21 11:01

After conducting over 10,000 automated internal network penetration tests last year, vPenTest has uncovered a troubling reality that many businesses still have critical security gaps that...

Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility
2025-03-21 05:09

Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center. The two critical-rated vulnerabilities in...

Critical Cisco Smart Licensing Utility flaws now exploited in attacks
2025-03-20 19:05

Attackers have started targeting Cisco Smart Licensing Utility (CSLU) instances unpatched against a vulnerability exposing a built-in backdoor admin account. [...]

Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist
2025-03-20 18:33

Palming off the blame using an ‘unknown’ best practice didn’t go down well either. In patching the latest critical remote code execution (RCE) bug in Backup and Replication, software shop Veeam is...