Broadcom patched five flaws in VMware Aria Operations and Aria Operations for Logs that could lead to privilege escalation and credential theft. Broadcom addressed the following vulnerabilities in VMware Aria Operations and Aria Operations for Logs: The above vulnerabilities impact…
Tag: Security Affairs
DeepSeek database exposed highly sensitive information
Chinese AI platform DeepSeek has publicly exposed two databases containing highly sensitive user and backend details. Wiz Research discovered a publicly accessible ClickHouse database belonging to DeepSeek, exposing chat history, secret keys, and backend details. After responsible disclosure, DeepSeek promptly…
Operation Talent: An international law enforcement operation seized Cracked, Nulled and other cybercrime websites
An international law enforcement operation targeted several major cybercrime websites, including Cracked, Nulled, Sellix, and StarkRDP. An international law enforcement operation led by Europol, code-named Operation Talent, dismantled several major cybercrime sites, including Cracked, Nulled, Sellix, and StarkRDP. The message…
TeamViewer fixed a vulnerability in Windows client and host applications
TeamViewer has patched a high-severity privilege escalation vulnerability affecting its Windows client and host applications. TeamViewer released security patches for a high-severity elevation of privilege vulnerability, tracked as CVE-2025-0065 (CVSS score of 7.8), in its remote access solutions for Windows.…
PHP package Voyager flaws expose to one-click RCE exploits
The open-source PHP package Voyager is affected by three vulnerabilities that could be exploited to achieve one-click remote code execution on affected instances. Voyager is a popular open-source PHP package for managing Laravel applications, offering an admin interface, BREAD operations, media, and…
Italy’s Data Protection Authority Garante requested information from Deepseek
Italy’s data privacy regulator Garante has requested information from Chinese AI company DeepSeek regarding its data practices. Italy’s Data Protection Authority Garante has asked the AI firm DeepSeek to clarify its data collection, sources, purposes, legal basis, and storage, citing…
Aquabot variant v3 targets Mitel SIP phones
A new variant of the Mirai-based botnet Aquabot targets vulnerable Mitel SIP phones to recruit them into a DDoS botnet. Akamai researchers spotted a new variant of the Mirai-based botnet Aquabot that is targeting vulnerable Mitel SIP phones. Aquabot is…
U.S. CISA adds Apple products’ flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products’ flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple Multiple Products Use-After-Free Vulnerability, tracked as CVE-2025-24085, to its Known Exploited Vulnerabilities (KEV) catalog. This…
Critical remote code execution bug found in Cacti framework
A critical flaw in Cacti open-source network monitoring and fault management framework that could allow remote code execution. Cacti is an open-source platform that provides a robust and extensible operational monitoring and fault management framework for users. A critical vulnerability, tracked…
Attackers actively exploit a critical zero-day in Zyxel CPE Series devices
Experts warn that threat actors are actively exploiting critical zero-day vulnerability, tracked as CVE-2024-40891, in Zyxel CPE Series devices. GreyNoise researchers are observing active exploitation attempts targeting a zero-day, tracked as CVE-2024-40891, in Zyxel CPE Series devices. The vulnerability is a command…