Vulnerabilities Archives – SecurityWeek Cybersecurity News, Insights & Analysis
- Juniper Networks Patches Critical Junos Space Vulnerabilities
by Ionut Arghire on October 10, 2025 at 10:27 amPatches were rolled out for more than 200 vulnerabilities in Junos Space and Junos Space Security Director, including nine critical-severity flaws. The post Juniper Networks Patches Critical Junos Space Vulnerabilities appeared first on SecurityWeek.
- ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilitiesby Ionut Arghire on October 10, 2025 at 9:45 am
The unpatched vulnerabilities allow attackers to execute arbitrary code remotely and escalate their privileges. The post ZDI Drops 13 Unpatched Ivanti Endpoint Manager Vulnerabilities appeared first on SecurityWeek.
- Apple Bug Bounty Update: Top Payout $2 Million, $35 Million Paid to Dateby Eduard Kovacs on October 10, 2025 at 9:15 am
Apple has announced significant updates to its bug bounty program, including new categories and target flags. The post Apple Bug Bounty Update: Top Payout $2 Million, $35 Million Paid to Date appeared first on SecurityWeek.
- Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patchingby Eduard Kovacs on October 8, 2025 at 7:45 am
Hundreds of internet-exposed Oracle E-Business Suite instances may still be vulnerable to attacks. The post Exploitation of Oracle EBS Zero-Day Started 2 Months Before Patching appeared first on SecurityWeek.
- Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacksby Ionut Arghire on October 7, 2025 at 9:40 am
The Medusa ransomware operators exploited the GoAnywhere MFT vulnerability one week before patches were released. The post Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks appeared first on SecurityWeek.
- The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warnby Eduard Kovacs on October 7, 2025 at 8:43 am
The Year 2036/2038 problem is a bug that will be triggered in more than a decade, but hackers could exploit it today against ICS and consumer devices. The post The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn appeared first on SecurityWeek.
- Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Riskby Ionut Arghire on October 6, 2025 at 1:06 pm
The flaw could lead to local code execution, allowing attackers to access confidential information on devices running Unity-built applications. The post Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Risk appeared first on SecurityWeek.
- Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacksby Eduard Kovacs on October 6, 2025 at 7:43 am
Oracle has informed customers that it has patched a critical remote code execution vulnerability tracked as CVE-2025-61882. The post Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacks appeared first on SecurityWeek.
- Unauthenticated RCE Flaw Patched in DrayTek Routersby Ionut Arghire on October 3, 2025 at 11:36 am
The security defect can be exploited remotely via crafted HTTP/S requests to a vulnerable deviceโs web user interface. The post Unauthenticated RCE Flaw Patched in DrayTek Routers appeared first on SecurityWeek.
- Organizations Warned of Exploited Meteobridge Vulnerabilityby Ionut Arghire on October 3, 2025 at 10:44 am
Patched in mid-May, the security defect allows remote unauthenticated attackers to execute arbitrary commands with root privileges. The post Organizations Warned of Exploited Meteobridge Vulnerability appeared first on SecurityWeek.
