vulnerability

Rsync vulnerabilities allow remote code execution on servers, patch quickly!

Debian, Don't miss, Hot stuff, Linux, News, Ubuntu, vulnerability /

Rsync vulnerabilities allow remote code execution on servers, patch quickly! 2025-01-15 at 16:46 By Zeljka Zorz Six vulnerabilities have been fixed in the newest versions of Rsync (v3.4.0), two of which could be exploited by a malicious client to achieve arbitrary code execution on a machine with a running Rsync server. “The client requires only […]

Rsync vulnerabilities allow remote code execution on servers, patch quickly! Read More »

Fortinet’s Authentication Bypass Zero-Day: Mitigation Strategies and IoCs for Enhanced Security

Fortinet, vulnerability /

Fortinet’s Authentication Bypass Zero-Day: Mitigation Strategies and IoCs for Enhanced Security 2025-01-15 at 14:24 By daksh sharma Overview Fortinet has disclosed a critical authentication bypass vulnerability affecting FortiOS and FortiProxy systems, identified as CVE-2024-55591. With a CVSS score of 9.6, this vulnerability allows unauthenticated attackers to execute unauthorized code or commands, granting them “super-admin” privileges.

Fortinet’s Authentication Bypass Zero-Day: Mitigation Strategies and IoCs for Enhanced Security Read More »

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws

0-day, Action1, Don't miss, Hot stuff, Immersive Labs, Microsoft, MS Office, News, Tenable, Trend Micro, Unpatched.ai, virtualization, vulnerability, Windows, Windows Server /

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws 2025-01-14 at 23:03 By Zeljka Zorz Microsoft has marked January 2025 Patch Tuesday with a hefty load of patches: 157 CVE-numbered security issues have been fixed in various products, three of which (in Hyper-V) are being actively exploited. The exploited Hyper-V vulnerabilities The exploited zero-days are CVE-2025-21333

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws Read More »

What 2024 taught us about security vulnerabilties

BitSight, Black Duck, Checkmarx, CISA, cybersecurity, FBI, Fortinet, NCSC, News, NSA, report, Skybox Security, survey, Tenable, Veracode, vulnerability /

What 2024 taught us about security vulnerabilties 2025-01-14 at 06:03 By Help Net Security From zero-day exploits to weaknesses in widely used software and hardware, the vulnerabilities uncovered last year underscore threat actors’ tactics and the critical gaps in organizational defenses. This roundup showcases the standout findings from 2024’s cybersecurity reports, highlighting critical risks and

What 2024 taught us about security vulnerabilties Read More »

Inside the Active Threats of Ivanti’s Exploited Vulnerabilities

Ivanti, vulnerability /

Inside the Active Threats of Ivanti’s Exploited Vulnerabilities 2025-01-13 at 15:19 By daksh sharma Threats, exploitation, and mitigation of Ivanti’s two critical actively exploited vulnerabilities—CVE-2025-0282 and CVE-2025-0283—affecting its Connect Secure, Policy Secure, and Neurons for ZTA Gateways. Overview On January 8, 2025, Ivanti disclosed two critical vulnerabilities—CVE-2025-0282 and CVE-2025-0283—affecting its Connect Secure, Policy Secure, and

Inside the Active Threats of Ivanti’s Exploited Vulnerabilities Read More »

Critical ICS Vulnerabilities Uncovered in Weekly Vulnerability Report

vulnerability, vulnerability management /

Critical ICS Vulnerabilities Uncovered in Weekly Vulnerability Report 2025-01-10 at 09:35 By Ashish Khaitan Overview  This week’s ICS vulnerability report sheds light on multiple flaws detected between January 01, 2025, to January 07, 2025. The report offers crucial insights into the cybersecurity challenges faced by organizations. It draws attention to the vulnerabilities identified by the

Critical ICS Vulnerabilities Uncovered in Weekly Vulnerability Report Read More »

Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers

CISA, Don't miss, enterprise, Hot stuff, Mitel, News, Oracle WebLogic, vulnerability /

Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers 2025-01-08 at 14:20 By Zeljka Zorz CISA has added Mitel MiCollab (CVE-2024-41713, CVE-2024-55550) and Oracle WebLogic Server (CVE-2020-2883) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The Mitel MiCollab vulnerabilities exploited Mitel MiCollab is a popular enterprise collaboration suite. CVE-2024-41713 and CVE-2024-55550 are both path traversal

Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers Read More »

CISA Releases Two New Industrial Control Systems Advisories for 2025

vulnerability, vulnerability management /

CISA Releases Two New Industrial Control Systems Advisories for 2025 2025-01-08 at 14:12 By Ashish Khaitan Overview  The Cybersecurity and Infrastructure Security Agency (CISA) released two critical Industrial Control Systems (ICS) advisories. These advisories, ICSA-25-007-01 and ICSA-25-007-02, aim to inform users and administrators about vulnerabilities in key ICS products. The goal is to mitigate potential

CISA Releases Two New Industrial Control Systems Advisories for 2025 Read More »

Tenable Nessus Bug and LDAP RCE: What You Need to Know

vulnerability, vulnerability management /

Tenable Nessus Bug and LDAP RCE: What You Need to Know 2025-01-07 at 12:48 By Ashish Khaitan Overview  JoCERT has alerted the global cybersecurity community about two critical issues requiring urgent attention from IT professionals and system administrators. The first involves Tenable Nessus Agents, a widely-used vulnerability scanning tool, while the second concerns a critical

Tenable Nessus Bug and LDAP RCE: What You Need to Know Read More »

Open source worldwide: Critical maintenance gaps exposed

code, Don't miss, Hot stuff, Lineaje, open source, software, Video, vulnerability /

Open source worldwide: Critical maintenance gaps exposed 2025-01-07 at 06:31 By Help Net Security Lineaje recently released a report identifying the US and Russia as the leading generators of open-source projects, with both countries also having the highest numbers of anonymous open-source contributions. In this Help Net Security video, Nick Mistry, SVP and CISO of

Open source worldwide: Critical maintenance gaps exposed Read More »

Weekly Vulnerability Insights Report: Critical Vulnerabilities Highlighted from December 25-31, 2024

CRIL, Four-Faith routers, PAN-OS, vulnerability, Weekly Vulnerability /

Weekly Vulnerability Insights Report: Critical Vulnerabilities Highlighted from December 25-31, 2024 2025-01-06 at 15:36 By daksh sharma Overview This week’s vulnerability report sheds light on a broad range of critical vulnerabilities identified from December 25 to December 31, 2024. The report emphasizes several high-severity flaws that pose online threats to cybersecurity, including new additions to

Weekly Vulnerability Insights Report: Critical Vulnerabilities Highlighted from December 25-31, 2024 Read More »

Weekly Vulnerability Roundup: Highlights from SingCERT’s Security Bulletin

SingCERT, vulnerability /

Weekly Vulnerability Roundup: Highlights from SingCERT’s Security Bulletin 2025-01-06 at 14:48 By daksh sharma Overview The Singapore Computer Emergency Response Team (SingCERT) has released its latest Security Bulletin, summarizing vulnerabilities reported in the past week from the National Institute of Standards and Technology (NIST)’s National Vulnerability Database (NVD). This bulletin provides essential insights for businesses

Weekly Vulnerability Roundup: Highlights from SingCERT’s Security Bulletin Read More »

Cyble Research Reports Critical Vulnerabilities Exposing Routers, Firewalls, and Web Servers

vulnerability, vulnerability management /

Cyble Research Reports Critical Vulnerabilities Exposing Routers, Firewalls, and Web Servers 2025-01-03 at 14:33 By Ashish Khaitan Overview  Cyble Research & Intelligence Labs (CRIL) has released its latest Weekly Vulnerability Insights report, offering a detailed overview of the critical vulnerabilities discovered between December 25, 2024, and December 31, 2024. The report highlights key security threats

Cyble Research Reports Critical Vulnerabilities Exposing Routers, Firewalls, and Web Servers Read More »

CERT-In Issues Alert on WPForms Vulnerability That Can Disrupt Payment and Subscription Services

cyber news, vulnerability, vulnerability management /

CERT-In Issues Alert on WPForms Vulnerability That Can Disrupt Payment and Subscription Services 2025-01-03 at 12:36 By Ashish Khaitan Overview  The Indian Computer Emergency Response Team (CERT-In) has issued an alert regarding a critical security vulnerability in the WPForms plugin for WordPress. The flaw, identified as CVE-2024-11205, could allow attackers to bypass authorization controls and

CERT-In Issues Alert on WPForms Vulnerability That Can Disrupt Payment and Subscription Services Read More »

CISA Adds CVE-2024-3393 to Vulnerabilities Catalog: Palo Alto Networks PAN-OS DNS Packet Flaw Threatens Firewalls 

vulnerability, vulnerability management /

CISA Adds CVE-2024-3393 to Vulnerabilities Catalog: Palo Alto Networks PAN-OS DNS Packet Flaw Threatens Firewalls  2025-01-02 at 14:30 By Ashish Khaitan Overview  The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-3393, a Palo Alto Networks PAN-OS Malformed DNS Packet vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability impacts the DNS Security feature

CISA Adds CVE-2024-3393 to Vulnerabilities Catalog: Palo Alto Networks PAN-OS DNS Packet Flaw Threatens Firewalls  Read More »

VibeBP WordPress Plugin Security Flaws Expose Sites to RCE and Privilege Escalation

cyber news, vulnerability, vulnerability management /

VibeBP WordPress Plugin Security Flaws Expose Sites to RCE and Privilege Escalation 2024-12-31 at 14:51 By Ashish Khaitan Overview The Cybersecurity and Infrastructure Security Agency (CERT-In) released an urgent vulnerability note (CIVN-2024-0360) concerning several critical VibeBP vulnerabilities . These vulnerabilities in VibeBP pose online risk to website owners using affected versions, and they could lead to

VibeBP WordPress Plugin Security Flaws Expose Sites to RCE and Privilege Escalation Read More »

Cyber Security Agency of Singapore Warns of Exploited Apache Vulnerabilities in 2024

CSA, cyber news, vulnerability, vulnerability management /

Cyber Security Agency of Singapore Warns of Exploited Apache Vulnerabilities in 2024 2024-12-31 at 10:56 By Ashish Khaitan Overview  The Cyber Security Agency of Singapore (CSA) has alerted users of multiple vulnerabilities in Apache software. According to the alert, three Apache vulnerabilities have been reported, including CVE-2024-43441, CVE-2024-45387, and CVE-2024-52046. In late 2024, the Apache

Cyber Security Agency of Singapore Warns of Exploited Apache Vulnerabilities in 2024 Read More »

A Look at CISA Known Exploited Vulnerabilities in 2024 

CISA, CISA KEV, CVE-2002-0367, CVE-2012-4792, CVE-2024-3393, cyber news, cybersecurity, Exploited Vulnerabilities, vulnerability /

A Look at CISA Known Exploited Vulnerabilities in 2024  2024-12-30 at 10:19 By Ashish Khaitan Overview  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 185 vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog in 2024, as the database grew to 1,238 software and hardware flaws at high risk of cyberattacks.  The agency removed at

A Look at CISA Known Exploited Vulnerabilities in 2024  Read More »

IT Vulnerability Report: Cyble Urges Fixes for Apache Struts, Qualcomm & More

IT Vulnerability, vulnerability /

IT Vulnerability Report: Cyble Urges Fixes for Apache Struts, Qualcomm & More 2024-12-24 at 12:34 By daksh sharma Overview Cyble’s December 19 IT vulnerability report to clients highlighted nine vulnerabilities at high risk of attack, including five under active discussion on dark web forums. Cyble vulnerability intelligence and dark web researchers also noted threat actor

IT Vulnerability Report: Cyble Urges Fixes for Apache Struts, Qualcomm & More Read More »

Cyble Sensors Detect Attacks on Ivanti, PHP, SAML, Network Devices, and More

Ivanti, vulnerability /

Cyble Sensors Detect Attacks on Ivanti, PHP, SAML, Network Devices, and More 2024-12-24 at 10:03 By daksh sharma Overview Cyble honeypot sensors detected dozens of vulnerabilities under attack in the threat intelligence leader’s most recent sensor intelligence report, including fresh attacks on an Ivanti vulnerability. Threat actors also targeted vulnerabilities affecting PHP and the Ruby

Cyble Sensors Detect Attacks on Ivanti, PHP, SAML, Network Devices, and More Read More »

Scroll to Top