The Mirai-based Aquabot botnet has been targeting a vulnerability in Mitel SIP phones for which a proof-of-concept (PoC) exploit exists.
The post Aquabot Botnet Targeting Vulnerable Mitel Phones appeared first on SecurityWeek.
SimpleHelp Remote Access Software Exploited in Attacks
Threat actors have been exploiting SimpleHelp remote access software shortly after the disclosure of three vulnerabilities.
The post SimpleHelp Remote Access Software Exploited in Attacks appeared first on SecurityWeek.
SonicWall Confirms Exploitation of New SMA Zero-Day
SonicWall has confirmed that an SMA 1000 zero-day tracked as CVE-2025-23006 has been exploited in the wild.
The post SonicWall Confirms Exploitation of New SMA Zero-Day appeared first on SecurityWeek.
Apple Patches First Exploited iOS Zero-Day of 2025
Apple has released fixes for dozens of vulnerabilities in its mobile and desktop products, including an iOS zero-day exploited in attacks.
The post Apple Patches First Exploited iOS Zero-Day of 2025 appeared first on SecurityWeek.
Building Automation Protocols Increasingly Targeted in OT Attacks: Report
Industrial automation protocols continue to be the most targeted in OT attacks, but building automation systems have been increasingly targeted.
The post Building Automation Protocols Increasingly Targeted in OT Attacks: Report appeared first on SecurityWeek.
CISA Warns of Old jQuery Vulnerability Linked to Chinese APT
CISA has added the JQuery flaw CVE-2020-11023, previously linked to APT1, to its Known Exploited Vulnerabilities (KEV) catalog.
The post CISA Warns of Old jQuery Vulnerability Linked to Chinese APT appeared first on SecurityWeek.
Critical Zimbra Vulnerability Exploited One Day After PoC Release
A critical-severity vulnerability in Zimbra has been exploited in the wild to deploy a web shell on vulnerable servers.
The post Critical Zimbra Vulnerability Exploited One Day After PoC Release appeared first on SecurityWeek.
Organizations Warned of Exploited SAP, Gpac and D-Link Vulnerabilities
CISA warns that years-old vulnerabilities in SAP Commerce, Gpac framework, and D-Link DIR-820 routers are exploited in the wild.
The post Organizations Warned of Exploited SAP, Gpac and D-Link Vulnerabilities appeared first on SecurityWeek.
Third Recent Ivanti Vulnerability Exploited in the Wild
CVE-2024-7593 is the third Ivanti product vulnerability patched in recent months that has been exploited in the wild.
The post Third Recent Ivanti Vulnerability Exploited in the Wild appeared first on SecurityWeek.
Ivanti Warns of Second CSA Vulnerability Exploited in Attacks
In addition to the Ivanti CSA flaw CVE-2024-8190, another vulnerability affecting the same product, tracked as CVE-2024-8963, has been exploited.
The post Ivanti Warns of Second CSA Vulnerability Exploited in Attacks appeared first on SecurityWeek.