VulnHub

Real-time Cybersecurity News

Articles tagged "Exploit"

Found 12 articles

Threat Actors Exploit Calendar Subscriptions for Phishing and Malware Delivery

Infosecurity Magazine

Actively Exploited

BitSight research highlights a significant cybersecurity threat where threat actors exploit calendar subscriptions to deliver phishing links and malware via hijacked domains. This method poses a serious risk as it can lead to social engineering attacks, potentially compromising sensitive information and systems.

Impact: Calendar applications, email clients, and users of hijacked domains.
Remediation: Users should be cautious about accepting calendar subscriptions from unknown sources and regularly review their calendar settings for any unauthorized subscriptions. Implementing email filtering and security awareness training can also mitigate risks.
PhishingExploitMalware
Read Original
Rockwell Automation Arena Simulation

All CISA Advisories

Rockwell Automation's Arena Simulation software has a stack-based buffer overflow vulnerability that could allow local attackers to execute arbitrary code. The vulnerability, identified as CVE-2025-11918, has a CVSS v4 score of 7.1, indicating a significant risk for affected installations, particularly in critical manufacturing sectors.

Impact: Affected products include Rockwell Automation's Arena Simulation version 16.20.10 and prior.
Remediation: Users are advised to upgrade Arena Simulation to version 16.20.11 or later. For those unable to upgrade, Rockwell Automation recommends following security best practices. CISA also suggests minimizing network exposure for control systems, using firewalls, and implementing secure remote access methods like VPNs.
PhishingCVEExploitVulnerabilityUpdateCritical
Read Original
⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More

The Hacker News

Actively Exploited

This week, significant cybersecurity threats emerged as hackers exploited new 0-day vulnerabilities in Fortinet and Chrome, infiltrating supply chains and SaaS tools. The rapid response from major companies like Microsoft, Salesforce, and Google highlights the severity of these attacks and the ongoing challenges in securing trusted applications and software updates.

Impact: Fortinet, Chrome, Microsoft, Salesforce, Google
Remediation: Stopping DDoS attacks, blocking bad links, fixing live flaws
MicrosoftGoogleFortinetExploitMalwareDDoS
Read Original
To buy or not to buy: How cybercriminals capitalize on Black Friday

Securelist

Cybercriminals intensify their activities during Black Friday, utilizing tactics such as phishing, scams, and malware to exploit online shoppers and gamers. The severity of these threats underscores the importance of vigilance among consumers, as fake sales and malicious activities proliferate during this shopping season.

Impact: Online shoppers, gamers, and potentially any consumer engaging in Black Friday sales.
Remediation: Consumers should remain vigilant against phishing attempts, verify the authenticity of sales, and use security software to protect against malware.
PhishingExploitMalware
Read Original
​​Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications​

All CISA Advisories

Actively Exploited

CISA has identified that various cyber threat actors are using commercial spyware to target users of mobile messaging applications, employing tactics such as phishing, zero-click exploits, and impersonation. The focus is primarily on high-value individuals including government and military officials, indicating a serious threat to sensitive communications.

Impact: Mobile messaging applications including Signal and WhatsApp.
Remediation: Users are encouraged to review the updated Mobile Communications Best Practice Guidance and Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society for steps to protect mobile communications and messaging apps.
macOSiOSAndroidPhishingGoogleExploit+2 more
Read Original
Festo Didactic products

All CISA Advisories

The article details a critical vulnerability (CVE-2023-26293) in Festo Didactic products, specifically related to improper input validation in Siemens TIA-Portal versions V15 to V18, which could allow attackers to create or overwrite arbitrary files. With a CVSS v3.1 score of 7.8, this vulnerability poses significant risks to engineering systems and requires immediate attention from users to mitigate potential exploitation.

Impact: Affected products include Siemens TIA-Portal V15 prior to V17 Update 6, Siemens TIA-Portal V18 prior to V18 Update 1, all versions of Festo Hardware MES PC, and all versions of Festo Hardware TP260 (before June 2023). Vendor: Festo SE & Co. KG.
Remediation: Festo recommends users of affected devices to update TIA-Portal to the latest versions. Specifically, users should update to Siemens TIA-Portal V17 Update 6 or later and Siemens TIA-Portal V18 Update 1 or later. For further details, refer to Siemens SSA-116924 and Festo's security advisory FSA-202303.
PhishingCVEExploitVulnerabilityUpdateCritical
Read Original
Automated Logic WebCTRL Premium Server

All CISA Advisories

The Automated Logic WebCTRL Premium Server has critical vulnerabilities, including an Open Redirect and Cross-site Scripting, with a CVSS v4 score of 8.6. Successful exploitation could allow remote attackers to redirect users to malicious sites or execute malicious scripts in their browsers, posing significant security risks.

Impact: Affected products include: Automated Logic WebCTRL Server (Versions 6.1, 7.0, 8.0, 8.5), Carrier i-Vu (Versions 6.1, 7.0, 8.0, 8.5), Automated Logic SiteScan Web (Versions 6.1, 7.0, 8.0, 8.5), and Automated Logic WebCTRL for OEMs (Versions 6.1, 7.0, 8.0, 8.5). Vendor: Automated Logic.
Remediation: Users are advised to upgrade to WebCTRL version 9.0, as vulnerabilities have been remediated in this version. WebCTRL 7.0, WebCTRL 6.1, and i-Vu 6.0 are out of support. Users should follow Automated Logic's Security Best Practices Checklists for Building Automation Systems (BAS) to align with best practices installation guidelines. CISA recommends minimizing network exposure for control system devices, using firewalls, and employing secure remote access methods like VPNs.
PhishingCVEExploitVulnerabilityUpdateCritical
Read Original
Festo MSE6-C2M/D2M/E2M

All CISA Advisories

The Festo MSE6-C2M/D2M/E2M series has a critical vulnerability (CVE-2023-3634) that allows remote authenticated attackers to exploit undocumented test modes, leading to severe risks including loss of confidentiality, integrity, and availability. This vulnerability has a CVSS score of 8.8, indicating a high severity level and necessitating immediate attention and remediation.

Impact: Affected products include: MSE6-C2M-5000-FB36-D-M-RG-BAR-M12L4-AGD, MSE6-C2M-5000-FB36-D-M-RG-BAR-M12L5-AGD, MSE6-C2M-5000-FB43-D-M-RG-BAR-M12L4-MQ1-AGD, MSE6-C2M-5000-FB43-D-M-RG-BAR-M12L5-MQ1-AGD, MSE6-C2M-5000-FB44-D-M-RG-BAR-AMI-AGD, MSE6-C2M-5000-FB44-D-RG-BAR-AMI-AGD, MSE6-D2M-5000-CBUS-S-RG-BAR-VCB-AGD, MSE6-E2M-5000-FB13-AGD, MSE6-E2M-5000-FB36-AGD, MSE6-E2M-5000-FB37-AGD, MSE6-E2M-5000-FB43-AGD, MSE6-E2M-5000-FB44-AGD. Vendor: Festo SE & Co. KG.
Remediation: Festo has updated the user documentation in the next product version to address this issue. Recommended defensive measures include minimizing network exposure for control systems, using firewalls, and secure remote access methods like VPNs. Organizations should also perform impact analysis and risk assessments before deploying defensive measures.
PhishingCVEExploitVulnerabilityUpdateCritical
Read Original
Blockchain and Node.js abused by Tsundere: an emerging botnet

Securelist

Actively Exploited

Kaspersky GReAT experts have identified the Tsundere botnet, which utilizes Node.js-based bots to exploit web3 smart contracts. The campaign poses a significant cybersecurity threat as it spreads through MSI installers and PowerShell scripts, indicating a sophisticated method of propagation.

Impact: Node.js, web3 smart contracts, MSI installers, PowerShell scripts
Remediation: Implement security measures to monitor and restrict the use of MSI installers and PowerShell scripts. Regularly update and patch Node.js environments and web3 applications.
ExploitBotnetMalware
Read Original
NHS Warns of PoC Exploit for 7-Zip Symbolic Link–Based RCE Vulnerability

The Hacker News

The NHS England Digital has issued a warning regarding a security vulnerability in 7-Zip, identified as CVE-2025-11001, which allows for remote code execution through symbolic links. Although no active exploitation has been observed, a public proof-of-concept exploit exists, raising concerns about potential future threats.

Impact: 7-Zip software, specifically versions affected by CVE-2025-11001.
Remediation: Users are advised to update to the latest version of 7-Zip to mitigate the risk associated with this vulnerability. Additionally, monitoring for any updates from the vendor regarding patches or security advisories is recommended.
CVEExploitVulnerabilityUpdateRCE
Read Original
ServiceNow AI Agents Can Be Tricked Into Acting Against Each Other via Second-Order Prompts

The Hacker News

Malicious actors can exploit vulnerabilities in ServiceNow's Now Assist AI platform through second-order prompt injection attacks, allowing unauthorized actions and potential data exfiltration. This issue highlights significant security risks associated with default configurations in generative AI systems.

Impact: ServiceNow's Now Assist generative artificial intelligence platform
Remediation: Review and adjust default configurations in ServiceNow's Now Assist to prevent prompt injection attacks. Implement security best practices for generative AI systems.
Exploit
Read Original