SecurityOnline

NVIDIA Releases Security Update for Container Toolkit and GPU Operator

The security update released by NVIDIA addresses three security flaws that could potentially allow attackers to execute malicious code, escalate privileges, or launch denial-of-service attacks.

AWS Patches Vulnerabilities in WorkSpaces, AppStream 2.0, and DCV Clients

These vulnerabilities, identified as CVE-2025-0500 and CVE-2025-0501, carry a CVSSv4 score of 7.7. The vulnerabilities, if exploited, could allow attackers to perform man-in-the-middle (MITM) attacks, granting unauthorized access to remote sessions.

Veeam Releases Patch for High-Risk SSRF Vulnerability CVE-2025-23082 in Azure Backup Solution

Veeam disclosed a critical vulnerability in its Veeam Backup for Microsoft Azure product. Identified as CVE-2025-23082, this Server-Side Request Forgery (SSRF) vulnerability carries a CVSS score of 7.2, placing it in the high-severity category.

Popular WordPress Caching Plugin Exposes Millions of Sites to Attack

Any website using W3 Total Cache version 2.8.1 or earlier is vulnerable. Given the plugin’s popularity with over 1 million active installations, this represents a significant portion of the WordPress ecosystem.

Critical Vulnerability Threatens STEALTHONE Network Storage Servers

JPCERT/CC has issued a warning regarding multiple vulnerabilities affecting STEALTHONE D220, D340, and D440 network storage servers, urging users to update their firmware immediately.

Code Execution Vulnerability Found in Kubernetes Windows Nodes

The vulnerability resides in the Kubelet component of Kubernetes and is specific to Windows worker nodes. Attackers with the ability to query a node’s /logs endpoint can craft malicious inputs to exploit the vulnerability.

Critical Vulnerability Found in Rasa Framework Enables Remote Code Execution

A critical-severity vulnerability (CVE-2024-49375) has been identified in the popular open-source Rasa framework. This flaw, which carries a CVSS score of 9.1, allows attackers to achieve RCE through the remote loading of maliciously crafted models.

ECOVACS Patches Critical WiFi RCE Vulnerability CVE-2024-42911 in Deebot Robot Vacuums

The critical remote code execution (RCE) vulnerability, tracked as CVE-2024-42911, could allow attackers to compromise vulnerable devices remotely under specific technical conditions.

LummaC2 Infostealer Malware Spreads via Crack Programs and Phishing

The initial malicious payload, disguised as an HTA file named web44.mp4, leverages the mshta.exe process for execution. Despite its misleading file extension, this file is obfuscated, making detection challenging.

New macOS PoC Exploit for CVE-2024-54498 Breaks Sandbox Security

The CVE-2024-54498 vulnerability, with a CVSS score of 8.8 (High severity), allows applications to bypass macOS sandbox restrictions, effectively granting them free rein over the user’s system.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags