Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

Chinese APT IronHusky Deploys Updated MysterySnail RAT on Russia

Kaspersky researchers report the reappearance of MysterySnail RAT, a malware linked to Chinese IronHusky APT, targeting Mongolia and…

HackRead
Open in Source
#vulnerability#web#mac#cisco#git#intel#backdoor#zero_day#mongo#sap
Apple patches security vulnerabilities in iOS and iPadOS. Update now!

Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited...

Hertz Confirms Data Breach After Hackers Stole Customer PII

Hertz confirms data breach linked to Cleo software flaw; Cl0p ransomware group leaked stolen data, exposing names, driver’s…

Hertz Falls Victim to Cleo Zero-Day Attacks

Customer data such as birth dates, credit card numbers, and driver's license information were stolen when threat actors exploited zero-day vulnerabilities in Cleo-managed file-transfer products.

Hertz data breach caused by CL0P ransomware attack on vendor

Car rental giant Hertz data suffered a data breach caused by a CL0P ransomware attack on file sharing vendor Cleo

Delta Electronics COMMGR

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: COMMGR Vulnerability: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) 2. RISK EVALUATION Successful exploitation of this vulnerability could allow for an attacker to remotely access the AS3000Simulator family in the COMMGR software and execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of COMMGR, a software management platform that contain virtual PLCs, are affected: COMMGR (Version 1): All versions COMMGR (Version 2): All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF CRYPTOGRAPHICALLY WEAK PSEUDO-RANDOM NUMBER GENERATOR (PRNG) CWE-338 The software uses insufficiently randomized values to generate session IDs. An attacker could easily brute force a session ID and load and execute arbitrary code. CVE-2025-3495 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calcu...

Fortinet Zero-Day Bug May Lead to Arbitrary Code Execution

A threat actor posted about the zero-day exploit on the same day that Fortinet published a warning about known vulnerabilities under active exploitation.

⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More

Attackers aren’t waiting for patches anymore — they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched, some attackers stay hidden. This week’s events show a hard truth: it’s not enough to react after an attack. You have to assume that any system you trust today could fail tomorrow. In a world

Zero-Day in CentreStack File-Sharing Platform Under Attack

Gladinet's platform is widely used among managed service providers, and a critical deserialization flaw could put MSP customers in jeopardy.

PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware

Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets. "The targets include organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in