Google Flags Widespread Exploitation of Windows Security Flaw

Google has warned that hackers are actively and widely exploiting a critical security flaw in Microsoft Windows, raising concerns about potential ransomware attacks and large-scale system compromises. The vulnerability, tracked as CVE-2026-21510, affects the Windows shell, a core component that powers the operating system’s user interface. According to Google’s Threat Intelligence Group, the flaw is […]

Apple 0-Day Flaw Actively Exploited in Targeted Cyberattacks on Individuals

itsecuritynews.info - 12/Feb 05:09

Apple has released emergency security updates for iOS and iPadOS to fix a critical “zero-day” vulnerability that hackers are actively using in...

Hackers Exploiting React Native’s Metro Server in the Wild to Attack Developers

itsecuritynews.info - 03/Feb 17:34

Threat actors are actively exploiting a critical remote code execution vulnerability in React Native’s Metro Development Server to deliver advanced...

CVE-2025-22225 in VMware ESXi now used in active ransomware attacks

securityaffairs.co - 04/Feb 22:02

Ransomware groups now exploit VMware ESXi vulnerability CVE-2025-22225, patched by Broadcom in March 2025. The U.S. Cybersecurity and Infrastructure...

Apple 0-Day Vulnerability Actively Exploited in Sophisticated Attack to Target Individuals

itsecuritynews.info - 12/Feb 03:36

Apple released iOS 26.3 and iPadOS 26.3 on February 11, 2026, patching over 40 vulnerabilities, including a critical zero-day in the dyld component...

Hackers abused React Native CLI flaw to deploy Rust malware before public disclosure

securityaffairs.co - 03/Feb 15:41

Hackers exploit a critical React Native CLI flaw (CVE-2025-11953) to run remote commands and drop stealthy Rust malware, weeks before public...

Hackers Actively Exploit React Native Metro Server to Target Software Developers

itsecuritynews.info - 04/Feb 05:38

Threat actors are exploiting a critical remote code execution vulnerability in React Native’s Metro development server to deploy sophisticated...

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

itsecuritynews.info - 04/Feb 07:38

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to...

CISA Issues Urgent Warning on Microsoft Configuration Manager SQL Injection Vulnerability Under Active Exploitation

itsecuritynews.info - 13/Feb 08:20

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SQL injection vulnerability in Microsoft Configuration Manager to its...

Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release

securityaffairs.co - 13/Feb 15:19

Attackers quickly targeted BeyondTrust flaw CVE-2026-1731 after a PoC was released, enabling unauthenticated remote code execution. Threat actors...

Gakido CRLF Injection Vulnerability Let Attackers Bypass Security Controls

itsecuritynews.info - 02/Feb 14:13

A critical vulnerability in Gakido, an HTTP client library by HappyHackingSpace, has been discovered that allows attackers to inject arbitrary HTTP...

Rubriques :