vulnerability

LTE, 5G Vulnerabilities Could Cut Entire Cities From Cellular Connectivity

2025-01-27 at 18:36, by Ionut Arghire

Vulnerabilities in LTE/5G core infrastructure, some remotely exploitable, could lead to persistent denial-of-service to entire cities. The post LTE, 5G Vulnerabilities Could Cut Entire Cities From Cellular Connectivity appeared first on SecurityWeek. This article is an excerpt from SecurityWeek […]


IT Vulnerability Report: 7-Zip, Windows and Fortinet Fixes Urged by Cyble

2025-01-27 at 17:20, by daksh sharma

Overview: Cyble’s vulnerability intelligence report to clients last week examined high-risk flaws in 7-Zip, Microsoft Windows, and Fortinet, among other products. It also examined dark web claims of a zero-day vulnerability in Apple iOS. In all, the report


5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)

2025-01-27 at 17:20, by Zeljka Zorz

5,000+ SonicWall firewalls are still vulnerable to attack via a high-severity vulnerability (CVE-2024-53704) that, according to SonicWall, should be considered “at imminent risk of exploitation”. The warning came last week from Bishop Fox researchers, after they successfully exploited the vulnerability on


Git Vulnerabilities Led to Credentials Exposure

2025-01-27 at 14:49, by Ionut Arghire

Vulnerabilities in Git’s credential retrieval protocol could have allowed attackers to compromise user credentials. The post Git Vulnerabilities Led to Credentials Exposure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek.


Unlocking Vulnrichment: Enhancing CVE Data for Smarter Vulnerability Management 

2025-01-24 at 16:48, by Cyble

Overview: The Cybersecurity and Infrastructure Security Agency (CISA) has introduced Vulnrichment, an innovative initiative designed to enhance CVE data by adding crucial context, scoring, and detailed analysis. Launched on May 10, 2024, Vulnrichment aims to empower security professionals by providing more


Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw

2025-01-23 at 15:03, by Zeljka Zorz

Cisco has released patches for a critical privilege escalation vulnerability in Meeting Management (CVE-2025-20156) and a heap-based buffer overflow flaw (CVE-2025-20128) that, when triggered, could terminate the ClamAV scanning process on endpoints running a Cisco Secure Endpoint


Aircraft Collision Avoidance Systems Hit by High-Severity ICS Vulnerability 

2025-01-23 at 14:48, by Paul Shread

Overview: A pair of vulnerabilities in the Traffic Alert and Collision Avoidance System (TCAS) II for avoiding midair collisions were among 20 vulnerabilities reported by Cyble in its weekly Industrial Control System (ICS) Vulnerability Intelligence Report. The midair collision system


JoCERT Issues Warning on Exploitable Command Injection Flaws in HPE Aruba Products

2025-01-21 at 15:32, by daksh sharma

Overview: JoCERT has issued an alert regarding critical command injection vulnerabilities discovered in HPE Aruba’s 501 Wireless Client Bridge. The vulnerabilities, tracked as CVE-2024-54006 and CVE-2024-54007, allow authenticated attackers with administrative privileges to execute arbitrary commands on


Critical Mozilla Vulnerabilities Prompt Urgent Updates for Firefox and Thunderbird Users

2025-01-21 at 11:33, by daksh sharma

Overview: Mozilla products, including the popular Mozilla Firefox and Thunderbird, have been found to contain multiple vulnerabilities that could allow attackers to execute arbitrary code, cause system instability, and even gain escalated privileges. The severity of these issues


Fortinet Zero-Day CVE-2024-55591 Exposed: Super-Admin Access Risk

2025-01-20 at 17:49, by daksh sharma

Overview: Fortinet, a global leader in cybersecurity solutions, recently released a critical advisory addressing a significant vulnerability (CVE-2024-55591) in its FortiOS and FortiProxy products. This flaw, which has a CVSSv3 score of 9.6, is categorized as a critical authentication bypass vulnerability and


Cyble Sensors Detect Attacks on Check Point, Ivanti and More

2025-01-20 at 17:01, by daksh sharma

Cyble honeypots have detected vulnerability exploits on Check Point and Ivanti products, databases, CMS systems, and many other IT products.

Overview: Cyble honeypot sensors have detected new attacks on vulnerabilities in Check Point and Ivanti products, among dozens of


Weekly IT Vulnerability Report: Critical Updates for SAP, Microsoft, Fortinet, and Others

2025-01-17 at 15:03, by daksh sharma

Key vulnerabilities in SAP, Microsoft, Fortinet, and others demand immediate attention as threat actors exploit critical flaws.

Overview: Cyble Research and Intelligence Labs (CRIL) analyzed significant IT vulnerabilities disclosed between January 8 and 14, 2025. The Cybersecurity


Critical SimpleHelp vulnerabilities fixed, update your server instances!

2025-01-16 at 17:04, by Zeljka Zorz

If you’re an organization using SimpleHelp for your remote IT support/access needs, you should update or patch your server installation without delay, to fix security vulnerabilities that may be exploited by remote attackers to execute code on the underlying host. About


ICS Vulnerability Report: Hitachi Energy Network Management Flaw Scores a Perfect 10

2025-01-16 at 14:30, by Paul Shread

Overview: Critical vulnerabilities in Hitachi Energy UNEM Network Management Systems were among the highlights in Cyble’s weekly Industrial Control System (ICS) Vulnerability Intelligence Report, which also examined flaws in products from Delta Electronics, Schneider Electric and other


New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)

2025-01-16 at 12:03, by Help Net Security

ESET researchers have identified a vulnerability (CVE-2024-7344) impacting most UEFI-based systems, which allows attackers to bypass UEFI Secure Boot. The issue was found in a UEFI application signed with Microsoft’s “Microsoft Corporation UEFI CA 2011” third-party certificate. Exploiting this vulnerability


Rsync vulnerabilities allow remote code execution on servers, patch quickly!

2025-01-15 at 16:46, by Zeljka Zorz

Six vulnerabilities have been fixed in the newest versions of Rsync (v3.4.0), two of which could be exploited by a malicious client to achieve arbitrary code execution on a machine with a running Rsync server. “The client requires only


Fortinet’s Authentication Bypass Zero-Day: Mitigation Strategies and IoCs for Enhanced Security

2025-01-15 at 14:24, by daksh sharma

Overview: Fortinet has disclosed a critical authentication bypass vulnerability affecting FortiOS and FortiProxy systems, identified as CVE-2024-55591. With a CVSS score of 9.6, this vulnerability allows unauthenticated attackers to execute unauthorized code or commands, granting them “super-admin” privileges.


Microsoft fixes actively exploited Windows Hyper-V zero-day flaws

2025-01-14 at 23:03, by Zeljka Zorz

Microsoft has marked January 2025 Patch Tuesday with a hefty load of patches: 157 CVE-numbered security issues have been fixed in various products, three of which (in Hyper-V) are being actively exploited.

The exploited Hyper-V vulnerabilities: The exploited zero-days are CVE-2025-21333


What 2024 taught us about security vulnerabilities

2025-01-14 at 06:03, by Help Net Security

From zero-day exploits to weaknesses in widely used software and hardware, the vulnerabilities uncovered last year underscore threat actors’ tactics and the critical gaps in organizational defenses. This roundup showcases the standout findings from 2024’s cybersecurity reports, highlighting critical risks and


Inside the Active Threats of Ivanti’s Exploited Vulnerabilities

2025-01-13 at 15:19, by daksh sharma

Threats, exploitation, and mitigation of Ivanti’s two critical actively exploited vulnerabilities—CVE-2025-0282 and CVE-2025-0283—affecting its Connect Secure, Policy Secure, and Neurons for ZTA Gateways.

Overview: On January 8, 2025, Ivanti disclosed two critical vulnerabilities—CVE-2025-0282 and CVE-2025-0283—affecting its Connect Secure, Policy Secure, and
