enterprise

NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248)

NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) 2025-03-21 at 13:33 By Zeljka Zorz A vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication, a backup, ransomware protection and disaster recovery solution designed for organizations of all sizes and managed service providers (MSPs), is being actively exploited. The US Cybersecurity and Infrastructure Security Agency (CISA) has […]

React to this headline:

Loading spinner

NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) Read More »

Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)

Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) 2025-03-20 at 14:29 By Zeljka Zorz Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup & Replication solution, and is urging customers to quickly upgrade to a fixed version. There is currently no indication that the

React to this headline:

Loading spinner

Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) Read More »

2024 phishing trends tell us what to expect in 2025

2024 phishing trends tell us what to expect in 2025 2025-02-27 at 14:18 By Zeljka Zorz Phishing has been the method most often employed by cybercriminals to achieve initial access to targeted organizations in 2024, according to risk advisory firm Kroll, which expects this trend to continue in 2025. But attackers have also increasingly been

React to this headline:

Loading spinner

2024 phishing trends tell us what to expect in 2025 Read More »

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) 2025-02-24 at 16:18 By Zeljka Zorz A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released by Horizon3.ai researchers. The vulnerabilities – CVE-2024-10811, CVE-2024-13161, CVE-2024-13160 and CVE-2024-13159 – may be exploited by remote, unauthenticated attackers to leverage Ivanti EPM machine account credentials

React to this headline:

Loading spinner

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) Read More »

Attackers are chaining flaws to breach Palo Alto Networks firewalls

Attackers are chaining flaws to breach Palo Alto Networks firewalls 2025-02-19 at 11:03 By Zeljka Zorz Exploitation attempts targeting CVE-2025-0108, a recently disclosed authentication bypass vulnerability affecting the management web interface of Palo Alto Networks’ firewalls, are ramping up. “GreyNoise now sees 25 malicious IPs actively exploiting CVE-2025-0108, up from 2 on February 13,” the

React to this headline:

Loading spinner

Attackers are chaining flaws to breach Palo Alto Networks firewalls Read More »

BlackLock ransomware onslaught: What to expect and how to fight it

BlackLock ransomware onslaught: What to expect and how to fight it 2025-02-18 at 18:33 By Zeljka Zorz BlackLock is on track to become the most active ransomware-as-a-service (RaaS) outfit in 2025, according to ReliaQuest. Its success is primarily due to their unusually active presence and good reputation on the ransomware-focused Russian-language forum RAMP, and their

React to this headline:

Loading spinner

BlackLock ransomware onslaught: What to expect and how to fight it Read More »

DeepSeek’s popularity exploited by malware peddlers, scammers

DeepSeek’s popularity exploited by malware peddlers, scammers 2025-01-29 at 15:18 By Zeljka Zorz As US-based AI companies struggle with the news that the recently released Chinese-made open source DeepSeek-R1 reasoning model performs as well as theirs for a fraction of the cost, users are rushing to try out DeepSeek’s AI tool. In the process, they

React to this headline:

Loading spinner

DeepSeek’s popularity exploited by malware peddlers, scammers Read More »

5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)

5,000+ SonicWall firewalls still open to attack (CVE-2024-53704) 2025-01-27 at 17:20 By Zeljka Zorz 5,000+ SonicWall firewalls are still vulnerable to attack via a high-severity vulnerability (CVE-2024-53704) that, according to SonicWall, should be considered “at imminent risk of exploitation”. The warning came last week from Bishop Fox researchers, after they successfully exploited the vulnerability on

React to this headline:

Loading spinner

5,000+ SonicWall firewalls still open to attack (CVE-2024-53704) Read More »

North Korean IT workers are extorting employers, FBI warns

North Korean IT workers are extorting employers, FBI warns 2025-01-24 at 16:48 By Zeljka Zorz The FBI is on a mission to raise awareness about the threat that North Korean IT workers present to organizations in the US and around the world. While corporate espionage comes to mind first, the threat goes beyond that: “In

React to this headline:

Loading spinner

North Korean IT workers are extorting employers, FBI warns Read More »

Juniper enterprise routers backdoored via “magic packet” malware

Juniper enterprise routers backdoored via “magic packet” malware 2025-01-23 at 20:05 By Zeljka Zorz A stealthy attack campaign turned Juniper enterprise-grade routers into entry points to corporate networks via the “J-magic” backdoor, which is loaded into the devices’ memory and spawns a reverse shell when instructed to do so. “Our telemetry indicates the J-magic campaign

React to this headline:

Loading spinner

Juniper enterprise routers backdoored via “magic packet” malware Read More »

SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006)

SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) 2025-01-23 at 11:03 By Zeljka Zorz A critical zero-day vulnerability (CVE-2025-23006) affecting SonicWall Secure Mobile Access (SMA) 1000 Series appliances is being exploited by attackers. “We strongly advises users of the SMA1000 product to upgrade to the hotfix release version to address the vulnerability,” the company said

React to this headline:

Loading spinner

SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) Read More »

48,000+ internet-facing Fortinet firewalls still open to attack

48,000+ internet-facing Fortinet firewalls still open to attack 2025-01-22 at 14:34 By Zeljka Zorz Despite last week’s confirmation of and warnings about long-standing exploitation of CVE-2024-55591, a critical vulnerability affecting Fortinet Fortigate firewalls, too many vulnerable devices are still accessible from the Internet and open to attack: over 48,000, according to data from the Shadowserver

React to this headline:

Loading spinner

48,000+ internet-facing Fortinet firewalls still open to attack Read More »

Ransomware attackers are “vishing” organizations via Microsoft Teams

Ransomware attackers are “vishing” organizations via Microsoft Teams 2025-01-21 at 14:10 By Zeljka Zorz The “email bombing + posing as tech support via Microsoft Teams” combination is proving fruitful for two threat actors looking to deliver ransomware to organizations, and they seem to be ramping up their efforts. “Sophos MDR has observed more than 15

React to this headline:

Loading spinner

Ransomware attackers are “vishing” organizations via Microsoft Teams Read More »

Critical SimpleHelp vulnerabilities fixed, update your server instances!

Critical SimpleHelp vulnerabilities fixed, update your server instances! 2025-01-16 at 17:04 By Zeljka Zorz If you’re an organization using SimpleHelp for your remote IT support/access needs, you should update or patch your server installation without delay, to fix security vulnerabilities that may be exploited by remote attackers to execute code on the underlying host. About

React to this headline:

Loading spinner

Critical SimpleHelp vulnerabilities fixed, update your server instances! Read More »

Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them?

Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them? 2025-01-16 at 13:03 By Zeljka Zorz A threat actor has leaked configuration files (aka configs) for over 15,000 Fortinet Fortigate firewalls and associated admin and user credentials. The collection has been leaked on Monday and publicized on an underground forum by the threat actor

React to this headline:

Loading spinner

Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them? Read More »

Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591)

Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591) 2025-01-14 at 19:21 By Zeljka Zorz Fortinet has patched an authentication bypass vulnerability (CVE-2024-55591) affecting its FortiOS firewalls and FortiProxy web gateways that’s being exploited by attackers to compromise publicly-exposed FortiGate firewalls. While Fortinet acknowledged in-the-wild exploitation in the accompanying security advisory, they did share

React to this headline:

Loading spinner

Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591) Read More »

Attackers are encrypting AWS S3 data without using ransomware

Attackers are encrypting AWS S3 data without using ransomware 2025-01-13 at 19:03 By Zeljka Zorz A ransomware gang dubbed Codefinger is encrypting data stored in target organizations’ AWS S3 buckets with AWS’s server-side encryption option with customer-provided keys (SSE-C), and asking for money to hand over the key they used. They do not exfiltrate the

React to this headline:

Loading spinner

Attackers are encrypting AWS S3 data without using ransomware Read More »

Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282)

Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) 2025-01-09 at 14:23 By Zeljka Zorz The zero-day attacks leveraging the Ivanti Connect Secure (ICS) vulnerability (CVE-2025-0282) made public on Wednesday were first spotted in mid-December 2024, Mandiant researchers have shared. It’s still impossible to say whether they were mounted by a single threat actor, but the

React to this headline:

Loading spinner

Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) Read More »

Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282)

Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) 2025-01-08 at 21:49 By Zeljka Zorz Ivanti has fixed two vulnerabilities affecting Ivanti Connect Secure, Policy Secure and ZTA gateways, one of which (CVE-2025-0282) has been exploited as a zero-day by attackers to compromise Connect Secure VPN appliances. About CVE-2025-0282 and CVE-2025-0283 Both are stack-based buffer overflow

React to this headline:

Loading spinner

Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) Read More »

Scroll to Top