Vulnerabilities Archives – SecurityWeek Cybersecurity News, Insights & Analysis
- Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks
by Ionut Arghire on October 7, 2025 at 9:40 amThe Medusa ransomware operators exploited the GoAnywhere MFT vulnerability one week before patches were released. The post Fortra GoAnywhere MFT Zero-Day Exploited in Ransomware Attacks appeared first on SecurityWeek.
- The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warnby Eduard Kovacs on October 7, 2025 at 8:43 am
The Year 2036/2038 problem is a bug that will be triggered in more than a decade, but hackers could exploit it today against ICS and consumer devices. The post The Y2K38 Bug Is a Vulnerability, Not Just a Date Problem, Researchers Warn appeared first on SecurityWeek.
- Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Riskby Ionut Arghire on October 6, 2025 at 1:06 pm
The flaw could lead to local code execution, allowing attackers to access confidential information on devices running Unity-built applications. The post Microsoft and Steam Take Action as Unity Vulnerability Puts Games at Risk appeared first on SecurityWeek.
- Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacksby Eduard Kovacs on October 6, 2025 at 7:43 am
Oracle has informed customers that it has patched a critical remote code execution vulnerability tracked as CVE-2025-61882. The post Oracle E-Business Suite Zero-Day Exploited in Cl0p Attacks appeared first on SecurityWeek.
- Unauthenticated RCE Flaw Patched in DrayTek Routersby Ionut Arghire on October 3, 2025 at 11:36 am
The security defect can be exploited remotely via crafted HTTP/S requests to a vulnerable device’s web user interface. The post Unauthenticated RCE Flaw Patched in DrayTek Routers appeared first on SecurityWeek.
- Organizations Warned of Exploited Meteobridge Vulnerabilityby Ionut Arghire on October 3, 2025 at 10:44 am
Patched in mid-May, the security defect allows remote unauthenticated attackers to execute arbitrary commands with root privileges. The post Organizations Warned of Exploited Meteobridge Vulnerability appeared first on SecurityWeek.
- Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilitiesby Ionut Arghire on October 3, 2025 at 8:37 am
High-severity flaws were patched in Chrome’s WebGPU and Video components, and in Firefox’s Graphics and JavaScript Engine components. The post Chrome 141 and Firefox 143 Patches Fix High-Severity Vulnerabilities appeared first on SecurityWeek.
- OpenSSL Vulnerabilities Allow Private Key Recovery, Code Execution, DoS Attacksby Eduard Kovacs on October 1, 2025 at 1:59 pm
Three vulnerabilities have been patched with the release of OpenSSL updates. The post OpenSSL Vulnerabilities Allow Private Key Recovery, Code Execution, DoS Attacks appeared first on SecurityWeek.
- Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerabilityby Ionut Arghire on October 1, 2025 at 9:25 am
Impacting VMware Aria Operations and VMware Tools, the flaw can be exploited to elevate privileges on the VM. The post Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability appeared first on SecurityWeek.
- High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenterby Ionut Arghire on September 30, 2025 at 11:33 am
The flaws could allow attackers to escalate privileges, manipulate notifications, and enumerate usernames. The post High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter appeared first on SecurityWeek.
