Vulnerability – WindowsTechs.com

SSL.com Scrambles to Patch Certificate Issuance Vulnerability

Posted on April 22, 2025 by Ionut Arghire

A vulnerability in SSL.com has resulted in nearly a dozen certificates for legitimate domains being wrongly issued.
The post SSL.com Scrambles to Patch Certificate Issuance Vulnerability appeared first on SecurityWeek.
Continue reading SSL.com Scrambles to Patch Certificate Issuance Vulnerability →

PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433)

Posted on April 22, 2025 by Zeljka Zorz

There are now several public proof-of-concept (PoC) exploits for a maximum-severity vulnerability in the Erlang/OTP SSH server (CVE-2025-32433) unveiled last week. “All users running an SSH server based on the Erlang/OTP SSH library are likely to… Continue reading PoC exploit for critical Erlang/OTP SSH bug is public (CVE-2025-32433)→

North Korea, Iran, Russia-Backed Hackers Deploy ClickFix in New Attacks

Posted on April 21, 2025 by Deeba Ahmed

Government-backed hacking groups from North Korea (TA427), Iran (TA450), and Russia (UNK_RemoteRogue, TA422) are now using the ClickFix… Continue reading North Korea, Iran, Russia-Backed Hackers Deploy ClickFix in New Attacks→

Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)

Posted on April 18, 2025 by Zeljka Zorz

CVE-2021-20035, an old vulnerability affecting Sonicwall Secure Mobile Access (SMA) 100 series appliances, is being exploited by attackers. Sonicwall confirmed it by updating the original security advisory to reflect the new state of play, and by chang… Continue reading Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)→

CISA Urges Action on Potential Oracle Cloud Credential Compromise

Posted on April 17, 2025 by Deeba Ahmed

Following reports of unauthorized access to a legacy Oracle cloud environment, CISA warns of potential credential compromise leading… Continue reading CISA Urges Action on Potential Oracle Cloud Credential Compromise→

Researchers Find CVSS 10.0 Severity RCE Vulnerability in Erlang/OTP SSH

Posted on April 17, 2025 by Waqas

Security researchers report CVE-2025-32433, a CVSS 10.0 RCE vulnerability in Erlang/OTP SSH, allowing unauthenticated code execution on exposed… Continue reading Researchers Find CVSS 10.0 Severity RCE Vulnerability in Erlang/OTP SSH→

Mass Ransomware Campaign Hits S3 Buckets Using Stolen AWS Keys

Posted on April 17, 2025 by Deeba Ahmed

Researchers reveal a large-scale ransomware campaign leveraging over 1,200 stolen AWS access keys to encrypt S3 buckets. Learn… Continue reading Mass Ransomware Campaign Hits S3 Buckets Using Stolen AWS Keys→

Vulnerabilities Patched in Atlassian, Cisco Products

Posted on April 17, 2025 by Ionut Arghire

Atlassian and Cisco have released patches for multiple high-severity vulnerabilities, including remote code execution bugs.
The post Vulnerabilities Patched in Atlassian, Cisco Products appeared first on SecurityWeek.
Continue reading Vulnerabilities Patched in Atlassian, Cisco Products→

Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)

Posted on April 17, 2025 by Zeljka Zorz

CVE-2025-24054, a Windows NTLM hash disclosure vulnerability that Microsoft has issued patches for last month, has been leveraged by threat actors in campaigns targeting government and private institutions in Poland and Romania. “Active exploitat… Continue reading Windows NTLM vulnerability exploited in multiple attack campaigns (CVE-2025-24054)→

Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking

Posted on April 17, 2025 by Eduard Kovacs

Servers exposed to complete takeover due to CVE-2025-32433, an unauthenticated remote code execution flaw in Erlang/OTP SSH.
The post Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking appeared first on SecurityWeek.
Continue reading Critical Erlang/OTP SSH Flaw Exposes Many Devices to Remote Hacking→