Aggregator

Submit #563522 / VDB-307398

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2025-3248 Langflow Missing Authentication Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

This week we’re celebrating National Small Business Week—which recognizes and celebrates the small and medium-sized business (SMB) community’s significant contributions to the nation. SMBs are a substantial and critical part of the U.S. and global economic and cybersecurity infrastructure. According to the U.S. Small Business Administration’s Office of Advocacy, [1] there are 34.8 million SMBs in the United States (making up 99% of all U.S. businesses). Of those, 81.7% are non-employer firms with no paid employees other than the owners of the business. These businesses, though small in size

Submit #561628 / VDB-307397

Submit #561626 / VDB-307396

Submit #561625 / VDB-307395

Submit #553644 / VDB-307394

Microsoft has silently fixed an issue that broke Start Menu jump lists for all apps on systems running Windows 10, version 22H2. [...]

Submit #483834 / VDB-307392

For the latest discoveries in cyber research for the week of 5th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Three major UK retailers – Co-op, Harrods and Marks & Spencer (M&S) – were hit by cyberattacks that disrupted operations and compromised sensitive data. The attacks are believed linked to the Scattered […]

The post 5th May – Threat Intelligence Report appeared first on Check Point Research.

Submit #563175 / VDB-307391

Submit #563102 / VDB-307390

A vulnerability was suspected in Lingxing ERP 2. This issue was flagged as a false-positive. Please consult the sources mentioned and consider not using this entry at all. The vendor was not able to verify the existence of the original vulnerability report and the researcher was not able to provide further proof.

A vulnerability was suspected in Lingxing ERP 2. This issue appears to be a false-positive. Please verify the sources mentioned and consider not using this entry at all. The vendor was not able to verify the existence of the original vulnerability report and the researcher was not able to provide further proof.

Submit #563515 / VDB-307389

What if attackers aren't breaking in—they're already inside, watching, and adapting? This week showed a sharp rise in stealth tactics built for long-term access and silent control. AI is being used to shape opinions. Malware is hiding inside software we trust. And old threats are returning under new names. The real danger isn’t just the breach—it’s not knowing who’s still lurking in your

Currently trending CVE - Hype Score: 1 - Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an __class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025.

Currently trending CVE - Hype Score: 9

Currently trending CVE - Hype Score: 1 - Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk.

Currently trending CVE - Hype Score: 1 - Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH protocol message handling, ...