vulnerability

CISA Releases Seven Critical ICS Advisories to Address Vulnerabilities in Industrial Control Systems

2024-11-26 at 13:03, by daksh sharma. Overview: The Cybersecurity and Infrastructure Security Agency (CISA) published seven detailed security advisories to address critical vulnerabilities in various Industrial Control Systems (ICS). These advisories cover a range of products, from web-based control servers to automated […]

Weekly IT Vulnerability Report: Critical Exploits Highlighted in This Week’s Analysis

2024-11-25 at 15:04, by daksh sharma. Overview: Cyble Research and Intelligence Labs (CRIL) analyzed 25 vulnerabilities between November 13 and November 19, 2024, identifying several high-priority threats that security teams must address. This blog also highlights 10 exploit discussions on underground forums, increasing the

Top ICS Vulnerabilities This Week: Siemens, Baxter, and Subnet Solutions

2024-11-22 at 14:33, by daksh sharma. This week’s Cyble ICS vulnerability report includes critical vulnerabilities like CVE-2024-39332 in Siemens, CVE-2024-9834 in Baxter Life2000 Ventilation System, and CVE-2024-45490 in Subnet Solutions that need urgent patching. Overview: Cyble Research & Intelligence Labs (CRIL) has analyzed key Industrial

German CERT Warns ‘Attacks are Happening,’ Urges PAN-OS Chained Vulnerabilities’ Patching

2024-11-21 at 16:18, by daksh sharma. Overview: The German CERT has raised the alarm bells for the exploitation of chained vulnerabilities, urging users to patch them urgently as hundreds of vulnerable instances remain exposed around the country and the globe. CERT-Bund warned in a

CWE top 25 most dangerous software weaknesses

2024-11-21 at 07:33, by Help Net Security. The CWE list of the 25 most dangerous software weaknesses demonstrates the currently most common and impactful software flaws. Identifying the root causes of these vulnerabilities provides insights to shape investments, policies, and practices that proactively prevent their occurrence. The CWE

Apple Rolls Out Urgent Security Updates to Address Actively Exploited Zero-Day Vulnerabilities

2024-11-20 at 16:54, by daksh sharma. Apple has released a new security update to address two zero-day vulnerabilities that have been actively exploited in the wild. The update, released on November 19, 2024, affects iOS, iPadOS, macOS, visionOS, and the Safari browser and

CISA Adds Three Critical Vulnerabilities to the Known Exploited Vulnerabilities Catalog

2024-11-19 at 11:01, by daksh sharma. Overview: The Cybersecurity and Infrastructure Security Agency (CISA) has recently added three significant vulnerabilities to its Known Exploited Vulnerabilities Catalog (KEV), based on evidence of active exploitation. These vulnerabilities, identified in popular networking and security products, represent a

CERT-In Flags Two High-Risk Cisco Vulnerabilities Targeting Key Infrastructure

2024-11-18 at 13:48, by daksh sharma. Overview: The Indian Computer Emergency Response Team (CERT-In) has recently added two Cisco vulnerabilities to its catalog. Both vulnerabilities target Cisco products, with high severity ratings and potential for impacts on the confidentiality, integrity, and availability of affected systems. The

CISA Adds Two Critical Palo Alto Networks Vulnerabilities to Known Exploited Catalog

2024-11-18 at 09:33, by daksh sharma. Overview: The Cybersecurity and Infrastructure Security Agency (CISA) has officially added two high-severity vulnerabilities affecting Palo Alto Networks Expedition to its Known Exploited Vulnerability (KEV) Catalog. The two Palo Alto Networks vulnerabilities, which are actively being targeted

How a Windows zero-day was exploited in the wild for months (CVE-2024-43451)

2024-11-14 at 12:02, by Zeljka Zorz. CVE-2024-43451, a Windows zero-day vulnerability for which Microsoft released a fix on November 2024 Patch Tuesday, has been exploited since at least April 2024, ClearSky researchers have revealed. About the vulnerability: CVE-2024-43451 affects all supported Windows versions

Zero-days dominate top frequently exploited vulnerabilities

2024-11-14 at 07:03, by Mirko Zorz. A joint report by leading cybersecurity agencies from the U.S., UK, Canada, Australia, and New Zealand has identified the most commonly exploited vulnerabilities of 2023. Zero-day vulnerabilities on the rise: The advisory highlights that malicious cyber actors increasingly targeted zero-day vulnerabilities, posing significant

IT Vulnerability Report: Exposed Fortinet Vulnerabilities Approach 1 Million

2024-11-13 at 16:18, by Paul Shread. Cyble Research and Intelligence Labs (CRIL) researchers investigated 18 vulnerabilities and 10 dark web exploits in the last week – including an actively exploited Fortinet vulnerability with nearly 1 million exposed assets on the internet. Other vulnerabilities analyzed by Cyble

Australian Cyber Security Center Highlights Key Vulnerabilities Exploited in 2023

2024-11-13 at 16:18, by Cyble. Key Takeaways. Overview: The Australian Cyber Security Center (ACSC) has issued an important cybersecurity advisory detailing a range of vulnerabilities in 2023. The report, which was coauthored by cybersecurity agencies from the United States, Australia, Canada, New Zealand, and the

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)

2024-11-12 at 23:03, by Zeljka Zorz. November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for 89 new security issues in its various products, two of which – CVE-2024-43451 and CVE-2024-49039 – are actively exploited by attackers. The exploited vulnerabilities (CVE-2024-43451, CVE-2024-49039): CVE-2024-43451 is yet another

HPE Aruba Access Points have Critical Command Injection Vulnerabilities

2024-11-12 at 15:49, by daksh sharma. Overview: Hewlett Packard Enterprise (HPE) Aruba Networking has identified multiple critical security vulnerabilities affecting its Access Points running Instant AOS-8 and AOS-10. The vulnerabilities, tracked under several CVEs including CVE-2024-42509 and CVE-2024-47460, could allow unauthenticated attackers to remotely execute commands

No Fix for Critical Command Injection Vulnerability in Legacy D-Link NAS Devices  

2024-11-11 at 17:03, by Cyble. Overview: A recently identified command injection vulnerability in D-Link network-attached storage (NAS) devices exposes over 61,000 internet-connected units to potential exploitation. The flaw, tracked as CVE-2024-10914, allows unauthenticated attackers to inject arbitrary commands by exploiting the name parameter

Path Traversal Vulnerability in WPLMS WordPress Theme Exposes Websites to RCE 

2024-11-11 at 17:03, by Cyble. Overview: A critical path traversal vulnerability, CVE-2024-10470, has been identified in the WPLMS Learning Management System (LMS) theme for WordPress. This vulnerability enables unauthenticated attackers to read and delete arbitrary files on the server due to insufficient file path

Weekly ICS Vulnerability Intelligence Report: Rockwell Automation, Delta Electronics, Solar-Log

2024-11-08 at 15:01, by daksh sharma. Overview: Cyble Research & Intelligence Labs (CRIL) has investigated significant ICS vulnerabilities this week, providing essential insights derived from advisories issued by the Cybersecurity and Infrastructure Security Agency (CISA). This week’s report highlights multiple vulnerabilities across critical ICS products,

Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910)

2024-11-08 at 13:36, by Zeljka Zorz. A vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition, a firewall configuration migration tool, is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Thursday. About CVE-2024-5910: Unearthed and reported by Brian Hysell of Synopsys

Critical Zero-Click Vulnerability in Synology NAS Devices Needs Urgent Patching

2024-11-07 at 16:19, by daksh sharma. Overview: A recently discovered high-severity vulnerability, tracked as CVE-2024-10443 and dubbed “RISK:STATION,” poses a significant threat to Synology NAS users worldwide. The vulnerability, affecting Synology DiskStation and BeeStation models, allows remote code execution without user interaction, heightening the potential
