tldrdailynews.com logo
Tag

Active Exploitation

All articles tagged with #active exploitation

Adobe Rolls Emergency Patch for Acrobat CVE-2026-34621 Zero-Day
technology1 month ago

Adobe Rolls Emergency Patch for Acrobat CVE-2026-34621 Zero-Day

Adobe issued emergency patches for CVE-2026-34621, a prototype-pollution vulnerability in Acrobat Reader that is being exploited in the wild and could allow arbitrary code execution; affected products include Acrobat DC, Reader DC, and Acrobat 2024, with fixes to 26.001.21411 for DC versions and 24.001.30362 (Windows) / 24.001.30360 (macOS) for Acrobat 2024; Adobe updated advisories and noted the attack vector is Local rather than Network.

via The Hacker News|
#acrobat-reader#active-exploitation#cve-2026-34621
Active Exploitation of Critical Windows Server Update Service Vulnerability
security7 months ago

Active Exploitation of Critical Windows Server Update Service Vulnerability

A critical remote code execution vulnerability in Microsoft WSUS (CVE-2025-59287) was actively exploited in the wild shortly after an emergency patch was released. The flaw allows unauthenticated attackers to execute arbitrary code on affected servers, primarily impacting systems with the WSUS role enabled. Microsoft recommends immediate patching or applying workarounds such as disabling the WSUS role or blocking high-risk ports to mitigate the risk.

via Unit 42|
#active-exploitation#cve-2025-59287#microsoft-patch
Microsoft Releases Urgent Patch for Critical WSUS Vulnerability Exploited in the Wild
technology7 months ago

Microsoft Releases Urgent Patch for Critical WSUS Vulnerability Exploited in the Wild

Microsoft released urgent out-of-band security updates for a critical WSUS vulnerability (CVE-2025-59287) that is actively being exploited in the wild, allowing remote code execution through unsafe deserialization. Users are advised to apply the patch immediately and follow recommended mitigations to prevent attacks.

via The Hacker News|
#active-exploitation#cve-2025-59287#microsoft-wsus-vulnerability
US Government Urgently Patches Cisco Vulnerabilities Amid Widespread Cyberattacks
security8 months ago

US Government Urgently Patches Cisco Vulnerabilities Amid Widespread Cyberattacks

A sophisticated state-sponsored threat actor is actively exploiting multiple zero-day vulnerabilities in Cisco ASA and FTD software, primarily targeting government networks worldwide for data exfiltration. Cisco has issued advisories and software updates to address these critical vulnerabilities, which allow remote code execution and data theft. The vulnerabilities are being exploited with advanced evasion techniques, posing significant risks to organizations, especially those with internet-facing edge devices. Authorities like CISA and NCSC have issued mitigation directives and analyzed malware used in these attacks.

via Palo Alto Networks|
#active-exploitation#cisco-asa#cybersecurity
CISA Identifies Active Exploitation of Samsung and D-Link Device Vulnerabilities
cybersecurity2 years ago

CISA Identifies Active Exploitation of Samsung and D-Link Device Vulnerabilities

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified and patched eight actively exploited vulnerabilities, including six affecting Samsung smartphones and two impacting D-Link devices. The flaws in Samsung devices may have been used by a commercial spyware vendor in targeted attacks, while the D-Link vulnerabilities were leveraged by threat actors associated with a Mirai botnet variant. Federal agencies are required to apply necessary fixes by July 20, 2023, to protect their networks.

via The Hacker News|
#active-exploitation#cisa#cybersecurity