-
Apache Parquet exploit tool detect servers vulnerable to critical flaw
A proof-of-concept exploit tool has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers.
- May 06, 2025
- 02:16 PM
0
-
Critical Erlang/OTP SSH RCE bug now has public exploits, patch now
Public exploits are now available for a critical Erlang/OTP SSH vulnerability tracked as CVE-2025-32433, allowing unauthenticated attackers to remotely execute code on impacted devices.
- April 19, 2025
- 10:05 AM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now
A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices.
- April 17, 2025
- 05:34 PM
- 0
-
WhatsApp patched zero-click flaw exploited in Paragon spyware attacks
WhatsApp has patched a zero-click, zero-day vulnerability used to install Paragon's Graphite spyware following reports from security researchers at the University of Toronto's Citizen Lab.
- March 19, 2025
- 12:02 PM
- 0
-
Exploits for unpatched Parallels Desktop flaw give root on Macs
Two different exploits for an unpatched Parallels Desktop privilege elevation vulnerability have been publicly disclosed, allowing users to gain root access on impacted Mac devices.
- February 24, 2025
- 10:48 AM
- 0
-
Hackers exploit authentication bypass in Palo Alto Networks PAN-OS
Hackers are launching attacks against Palo Alto Networks PAN-OS firewalls by exploiting a recently fixed vulnerability (CVE-2025-0108) that allows bypassing authentication.
- February 14, 2025
- 04:20 PM
- 0
-
zkLend loses $9.5M in crypto heist, asks hacker to return 90%
Decentralized money lender zkLend suffered a breach where threat actors exploited a smart contract flaw to steal 3,600 Ethereum, worth $9.5 million at the time.
- February 12, 2025
- 06:08 PM
- 1
-
SonicWall firewall exploit lets hackers hijack VPN sessions, patch now
Security researchers at Bishop Fox have published complete exploitation details for the CVE-2024-53704 vulnerability that allows bypassing the authentication mechanism in certain versions of the SonicOS SSLVPN application.
- February 11, 2025
- 10:56 AM
- 3
-
Zyxel won’t patch newly exploited flaws in end-of-life routers
Zyxel has issued a security advisory about actively exploited flaws in CPE Series devices, warning that it has no plans to issue fixing patches and urging users to move to actively supported models.
- February 04, 2025
- 04:22 PM
- 4
-
Canadian charged with stealing $65 million using DeFI crypto exploits
The U.S. Justice Department has charged a Canadian man with stealing roughly $65 million after exploiting two decentralized finance (DeFI) protocols.
- February 03, 2025
- 02:20 PM
- 0
-
Hackers get $886,250 for 49 zero-days at Pwn2Own Automotive 2025
The Pwn2Own Automotive 2025 hacking contest has ended with security researchers collecting $886,250 after exploiting 49 zero-days.
- January 24, 2025
- 08:00 AM
- 0
-
CISA: Hackers still exploiting older Ivanti bugs to breach networks
CISA and the FBI warned today that attackers are still exploiting Ivanti Cloud Service Appliances (CSA) security flaws patched since September to breach vulnerable networks.
- January 23, 2025
- 11:51 AM
- 0
-
Tesla EV charger hacked twice on second day of Pwn2Own Tokyo
Security researchers hacked Tesla's Wall Connector electric vehicle charger twice on the second day of the Pwn2Own Automotive 2025 hacking contest.
- January 23, 2025
- 10:24 AM
- 0
-
Cisco warns of denial of service flaw with PoC exploit code
Cisco has released security updates to patch a ClamAV denial-of-service (DoS) vulnerability, which has proof-of-concept (PoC) exploit code.
- January 22, 2025
- 01:47 PM
- 0
-
Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025
On the first day of Pwn2Own Automotive 2025, security researchers exploited 16 unique zero-days and collected $382,750 in cash awards.
- January 22, 2025
- 09:38 AM
- 2
-
Fake LDAPNightmware exploit on GitHub spreads infostealer malware
A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server.
- January 11, 2025
- 10:21 AM
- 0
-
New Mirai botnet targets industrial routers with zero-day exploits
A relatively new Mirai-based botnet has been growing in sophistication and is now leveraging zero-day exploits for security flaws in industrial routers and smart home devices.
- January 07, 2025
- 03:44 PM
- 1
-
Adobe warns of critical ColdFusion bug with PoC exploit code
Adobe has released out-of-band security updates to address a critical ColdFusion vulnerability with proof-of-concept exploit code.
- December 23, 2024
- 02:58 PM
- 0
-
Exploit released for critical WhatsUp Gold RCE flaw, patch now
A proof-of-concept (PoC) exploit for a critical-severity remote code execution flaw in Progress WhatsUp Gold has been published, making it critical to install the latest security updates as soon as possible.
- December 03, 2024
- 02:00 PM
- 0
-
Hackers exploit ProjectSend flaw to backdoor exposed servers
Threat actors are using public exploits for a critical authentication bypass flaw in ProjectSend to upload webshells and gain remote access to servers.
- November 27, 2024
- 04:00 PM
- 0
0
