Mitel VoIP Bug Exploited in Ransomware Attacks
Researchers warn threat actors are using a novel remote code execution exploit to gain initial access to victim’s environments.
Stay informed on the latest exploit trends and vulnerabilities. Get expert insights and updates on information security exploits with our dedicated tag.
Search across headline titles and summaries.
Background for this topic.
An exploit is code, data, or a sequence of actions that uses a software, hardware, or configuration vulnerability to produce unintended behavior. Depending on the flaw and the attacker’s access, it may enable unauthorized code execution, privilege escalation, information disclosure, or denial of service. Exploitation can occur remotely through exposed services, web applications, or client software, or locally after an attacker gains limited access.
Exploitation matters because a vulnerability becomes an active attack path when the required conditions are reachable and exploitable. Defenders should inventory affected assets, prioritize remediation when exploitation is known or credible, apply patches or vendor mitigations, and reduce exposure through access controls, segmentation, and secure configuration. Monitoring for exploit-specific indicators—such as abnormal requests, unexpected processes, or privilege changes—supports detection; systems suspected of successful exploitation require containment and investigation for follow-on access.
Weekly headline count for the current query.
Researchers warn threat actors are using a novel remote code execution exploit to gain initial access to victim’s environments.
The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.
The vulnerability remains unpatched on many versions of the collaboration tool and has potential to create a SolarWinds-type scenario.
Hackers escalate phishing and scamming attacks to exploit popular Discord bot and persuade users to click on the malicious links.
Researchers say a GitHub proof-of-concept exploitation of recently announced VMware bugs is being abused by hackers in the wild.
The bug has a severe rating of 9.8, public exploits are released.
Four months after the critical flaw was discovered, attackers have a massive attack surface from which they can exploit the flaw and take over systems, researchers found.
For April Patch Tuesday, the computing giant addressed a zero-day under active attack and several critical security vulnerabilities, including three that allow self-propagating exploits.
The vulnerabilities could allow threat actors to disrupt or access kernel activity and may be under active exploit.
Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February.
A patch fixes exploit hidden in Elden Ring that traps PC players in a ‘death loop.’
Five percent of the databases are vulnerable to threat actors: It's a gold mine of exploit opportunity in thousands of mobile apps, researchers say.
On the plus side, only instances with non-standard not recommended configurations are vulnerable. On the downside, those configurations aren't easy to track down, and it's easy as pie to exploit.
Feb. 18 is the deadline to patch a bug that affects all unpatched versions of Windows 10 and requires zero user interaction to exploit.
The now-patched flaw that led to the ForcedEntry exploit of iPhones was exploited by both NSO Group and a different, newly detailed surveillance vendor.
The company's RV line of small-business routers contains 15 different security vulnerabilities that could enable everything from RCE to corporate network access and denial-of-service – and many have exploits circulating.
The vulnerability affects all unpatched Windows 10 versions following a messy Microsoft January update.