Vulnerability Archives ⋆ CyberHood Sentinel

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Commvault’s Command Center to its Known Exploited Vulnerabilities (KEV) catalog, following confirmed reports of active exploitation.…

News

Windows Vulnerability CVE-2025-24054 Actively Exploited to Steal NTLM Credentials

April 18, 2025 TeamHood

A medium-severity vulnerability in Microsoft Windows, identified as CVE-2025-24054, is currently under active exploitation, enabling attackers to steal NTLM credentials through minimal user interaction. The U.S. Cybersecurity and Infrastructure Security…

News

Unpatched NVIDIA Container Toolkit Bug Could Let Attackers Escape Docker and Hijack Linux Hosts

April 10, 2025 TeamHood

In September 2024, NVIDIA addressed a critical vulnerability in its Container Toolkit, identified as CVE-2024-0132, which had a CVSS score of 9.0. This Time-of-Check Time-of-Use (TOCTOU) flaw allowed specially crafted…

News

Apache Tomcat CVE-2025-24813 Exploited in the Wild – Patch Now to Prevent Attacks

March 17, 2025 TeamHood

A critical security vulnerability identified as CVE-2025-24813 has been discovered in Apache Tomcat, a widely used open-source Java servlet container. This flaw is actively being exploited in the wild, allowing…

News

Apple Releases Emergency Security Patch for WebKit Zero-Day Vulnerability (CVE-2025-24201)

March 12, 2025 TeamHood

Apple has rolled out an urgent security update to patch a zero-day vulnerability in WebKit (CVE-2025-24201), which has been actively exploited in the wild. This flaw, found in the Safari…

News

VMware Security Flaws Under Active Exploitation—Critical Patches Released to Mitigate Risks

March 4, 2025 TeamHood

Broadcom has released critical security updates to address three actively exploited vulnerabilities affecting VMware ESXi, Workstation, and Fusion products. These vulnerabilities could lead to code execution and information disclosure, posing…

News

Microsoft Uncovers New macOS Vulnerability Allowing System Integrity Protection Bypass

January 14, 2025 TeamHood

In a significant discovery that highlights the evolving threat landscape for macOS users, Microsoft recently unveiled a critical vulnerability in Apple’s macOS that could have allowed malicious actors to bypass…

News

Chinese Hackers Exploit Fortinet VPN Zero-Day: A Wake-Up Call for Cybersecurity

November 19, 2024 TeamHood

In a recent cybersecurity development, Chinese threat actors have been exploiting a zero-day vulnerability in Fortinet’s FortiClient Windows VPN client to steal user credentials. This vulnerability allows attackers to extract…

News

Chinese APT41 Hackers Target Gambling Industry in Sophisticated Cyberattack

October 21, 2024 TeamHood

In a recent cyberattack, the Chinese state-sponsored hacking group APT41 targeted the gambling industry, focusing on financial gain and espionage. The intrusion, which lasted for nine months, showcased the group’s…

News

Unmasking the SolarWinds Serv-U Path Traversal Flaw: A Guide for Security Engineers

June 20, 2024 TeamHood

Introduction In an era where cybersecurity threats are increasingly sophisticated, security engineers must remain vigilant and informed about the latest vulnerabilities that could jeopardize organizational security. One of the recent…

Critical Commvault Vulnerability Actively Exploited, Added to CISA’s KEV Catalog

Windows Vulnerability CVE-2025-24054 Actively Exploited to Steal NTLM Credentials

Unpatched NVIDIA Container Toolkit Bug Could Let Attackers Escape Docker and Hijack Linux Hosts

Apache Tomcat CVE-2025-24813 Exploited in the Wild – Patch Now to Prevent Attacks

Apple Releases Emergency Security Patch for WebKit Zero-Day Vulnerability (CVE-2025-24201)

VMware Security Flaws Under Active Exploitation—Critical Patches Released to Mitigate Risks

Microsoft Uncovers New macOS Vulnerability Allowing System Integrity Protection Bypass

Chinese Hackers Exploit Fortinet VPN Zero-Day: A Wake-Up Call for Cybersecurity

Chinese APT41 Hackers Target Gambling Industry in Sophisticated Cyberattack

Unmasking the SolarWinds Serv-U Path Traversal Flaw: A Guide for Security Engineers

You missed

Google Patches Actively Exploited Android Vulnerability CVE-2025-27363 in May 2025 Security Bulletin

Wormable AirPlay Flaws Allow Zero-Click Attacks on Apple and Third-Party Devices

Critical Commvault Vulnerability Actively Exploited, Added to CISA’s KEV Catalog

SentinelOne Uncovers Chinese APT ‘PurpleHaze’ Targeting Global Enterprises in Espionage Campaign

Tag: Vulnerability

You missed