vulnerability

New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)

CVE, Don't miss, ESET, Microsoft, News, research, vulnerability /

New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344) 2025-01-16 at 12:03 By Help Net Security ESET researchers have identified a vulnerability (CVE-2024-7344) impacting most UEFI-based systems, which allows attackers to bypass UEFI Secure Boot. The issue was found in a UEFI application signed with Microsoft’s “Microsoft Corporation UEFI CA 2011” third-party certificate. Exploiting this vulnerability […]

React to this headline:

Loading spinner

New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344) Read More »

Rsync vulnerabilities allow remote code execution on servers, patch quickly!

Debian, Don't miss, Hot stuff, Linux, News, Ubuntu, vulnerability /

Rsync vulnerabilities allow remote code execution on servers, patch quickly! 2025-01-15 at 16:46 By Zeljka Zorz Six vulnerabilities have been fixed in the newest versions of Rsync (v3.4.0), two of which could be exploited by a malicious client to achieve arbitrary code execution on a machine with a running Rsync server. “The client requires only

React to this headline:

Loading spinner

Rsync vulnerabilities allow remote code execution on servers, patch quickly! Read More »

Fortinet’s Authentication Bypass Zero-Day: Mitigation Strategies and IoCs for Enhanced Security

Fortinet, vulnerability /

Fortinet’s Authentication Bypass Zero-Day: Mitigation Strategies and IoCs for Enhanced Security 2025-01-15 at 14:24 By daksh sharma Overview Fortinet has disclosed a critical authentication bypass vulnerability affecting FortiOS and FortiProxy systems, identified as CVE-2024-55591. With a CVSS score of 9.6, this vulnerability allows unauthenticated attackers to execute unauthorized code or commands, granting them “super-admin” privileges.

React to this headline:

Loading spinner

Fortinet’s Authentication Bypass Zero-Day: Mitigation Strategies and IoCs for Enhanced Security Read More »

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws

0-day, Action1, Don't miss, Hot stuff, Immersive Labs, Microsoft, MS Office, News, Tenable, Trend Micro, Unpatched.ai, virtualization, vulnerability, Windows, Windows Server /

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws 2025-01-14 at 23:03 By Zeljka Zorz Microsoft has marked January 2025 Patch Tuesday with a hefty load of patches: 157 CVE-numbered security issues have been fixed in various products, three of which (in Hyper-V) are being actively exploited. The exploited Hyper-V vulnerabilities The exploited zero-days are CVE-2025-21333

React to this headline:

Loading spinner

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws Read More »

What 2024 taught us about security vulnerabilties

BitSight, Black Duck, Checkmarx, CISA, cybersecurity, FBI, Fortinet, NCSC, News, NSA, report, Skybox Security, survey, Tenable, Veracode, vulnerability /

What 2024 taught us about security vulnerabilties 2025-01-14 at 06:03 By Help Net Security From zero-day exploits to weaknesses in widely used software and hardware, the vulnerabilities uncovered last year underscore threat actors’ tactics and the critical gaps in organizational defenses. This roundup showcases the standout findings from 2024’s cybersecurity reports, highlighting critical risks and

React to this headline:

Loading spinner

What 2024 taught us about security vulnerabilties Read More »

Inside the Active Threats of Ivanti’s Exploited Vulnerabilities

Ivanti, vulnerability /

Inside the Active Threats of Ivanti’s Exploited Vulnerabilities 2025-01-13 at 15:19 By daksh sharma Threats, exploitation, and mitigation of Ivanti’s two critical actively exploited vulnerabilities—CVE-2025-0282 and CVE-2025-0283—affecting its Connect Secure, Policy Secure, and Neurons for ZTA Gateways. Overview On January 8, 2025, Ivanti disclosed two critical vulnerabilities—CVE-2025-0282 and CVE-2025-0283—affecting its Connect Secure, Policy Secure, and

React to this headline:

Loading spinner

Inside the Active Threats of Ivanti’s Exploited Vulnerabilities Read More »

Critical ICS Vulnerabilities Uncovered in Weekly Vulnerability Report

vulnerability, vulnerability management /

Critical ICS Vulnerabilities Uncovered in Weekly Vulnerability Report 2025-01-10 at 09:35 By Ashish Khaitan Overview  This week’s ICS vulnerability report sheds light on multiple flaws detected between January 01, 2025, to January 07, 2025. The report offers crucial insights into the cybersecurity challenges faced by organizations. It draws attention to the vulnerabilities identified by the

React to this headline:

Loading spinner

Critical ICS Vulnerabilities Uncovered in Weekly Vulnerability Report Read More »

Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers

CISA, Don't miss, enterprise, Hot stuff, Mitel, News, Oracle WebLogic, vulnerability /

Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers 2025-01-08 at 14:20 By Zeljka Zorz CISA has added Mitel MiCollab (CVE-2024-41713, CVE-2024-55550) and Oracle WebLogic Server (CVE-2020-2883) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The Mitel MiCollab vulnerabilities exploited Mitel MiCollab is a popular enterprise collaboration suite. CVE-2024-41713 and CVE-2024-55550 are both path traversal

React to this headline:

Loading spinner

Mitel MiCollab, Oracle WebLogic Server vulnerabilities exploited by attackers Read More »

CISA Releases Two New Industrial Control Systems Advisories for 2025

vulnerability, vulnerability management /

CISA Releases Two New Industrial Control Systems Advisories for 2025 2025-01-08 at 14:12 By Ashish Khaitan Overview  The Cybersecurity and Infrastructure Security Agency (CISA) released two critical Industrial Control Systems (ICS) advisories. These advisories, ICSA-25-007-01 and ICSA-25-007-02, aim to inform users and administrators about vulnerabilities in key ICS products. The goal is to mitigate potential

React to this headline:

Loading spinner

CISA Releases Two New Industrial Control Systems Advisories for 2025 Read More »

Tenable Nessus Bug and LDAP RCE: What You Need to Know

vulnerability, vulnerability management /

Tenable Nessus Bug and LDAP RCE: What You Need to Know 2025-01-07 at 12:48 By Ashish Khaitan Overview  JoCERT has alerted the global cybersecurity community about two critical issues requiring urgent attention from IT professionals and system administrators. The first involves Tenable Nessus Agents, a widely-used vulnerability scanning tool, while the second concerns a critical

React to this headline:

Loading spinner

Tenable Nessus Bug and LDAP RCE: What You Need to Know Read More »

Open source worldwide: Critical maintenance gaps exposed

code, Don't miss, Hot stuff, Lineaje, open source, software, Video, vulnerability /

Open source worldwide: Critical maintenance gaps exposed 2025-01-07 at 06:31 By Help Net Security Lineaje recently released a report identifying the US and Russia as the leading generators of open-source projects, with both countries also having the highest numbers of anonymous open-source contributions. In this Help Net Security video, Nick Mistry, SVP and CISO of

React to this headline:

Loading spinner

Open source worldwide: Critical maintenance gaps exposed Read More »

Weekly Vulnerability Insights Report: Critical Vulnerabilities Highlighted from December 25-31, 2024

CRIL, Four-Faith routers, PAN-OS, vulnerability, Weekly Vulnerability /

Weekly Vulnerability Insights Report: Critical Vulnerabilities Highlighted from December 25-31, 2024 2025-01-06 at 15:36 By daksh sharma Overview This week’s vulnerability report sheds light on a broad range of critical vulnerabilities identified from December 25 to December 31, 2024. The report emphasizes several high-severity flaws that pose online threats to cybersecurity, including new additions to

React to this headline:

Loading spinner

Weekly Vulnerability Insights Report: Critical Vulnerabilities Highlighted from December 25-31, 2024 Read More »

Weekly Vulnerability Roundup: Highlights from SingCERT’s Security Bulletin

SingCERT, vulnerability /

Weekly Vulnerability Roundup: Highlights from SingCERT’s Security Bulletin 2025-01-06 at 14:48 By daksh sharma Overview The Singapore Computer Emergency Response Team (SingCERT) has released its latest Security Bulletin, summarizing vulnerabilities reported in the past week from the National Institute of Standards and Technology (NIST)’s National Vulnerability Database (NVD). This bulletin provides essential insights for businesses

React to this headline:

Loading spinner

Weekly Vulnerability Roundup: Highlights from SingCERT’s Security Bulletin Read More »

Cyble Research Reports Critical Vulnerabilities Exposing Routers, Firewalls, and Web Servers

vulnerability, vulnerability management /

Cyble Research Reports Critical Vulnerabilities Exposing Routers, Firewalls, and Web Servers 2025-01-03 at 14:33 By Ashish Khaitan Overview  Cyble Research & Intelligence Labs (CRIL) has released its latest Weekly Vulnerability Insights report, offering a detailed overview of the critical vulnerabilities discovered between December 25, 2024, and December 31, 2024. The report highlights key security threats

React to this headline:

Loading spinner

Cyble Research Reports Critical Vulnerabilities Exposing Routers, Firewalls, and Web Servers Read More »

CERT-In Issues Alert on WPForms Vulnerability That Can Disrupt Payment and Subscription Services

cyber news, vulnerability, vulnerability management /

CERT-In Issues Alert on WPForms Vulnerability That Can Disrupt Payment and Subscription Services 2025-01-03 at 12:36 By Ashish Khaitan Overview  The Indian Computer Emergency Response Team (CERT-In) has issued an alert regarding a critical security vulnerability in the WPForms plugin for WordPress. The flaw, identified as CVE-2024-11205, could allow attackers to bypass authorization controls and

React to this headline:

Loading spinner

CERT-In Issues Alert on WPForms Vulnerability That Can Disrupt Payment and Subscription Services Read More »

CISA Adds CVE-2024-3393 to Vulnerabilities Catalog: Palo Alto Networks PAN-OS DNS Packet Flaw Threatens Firewalls 

vulnerability, vulnerability management /

CISA Adds CVE-2024-3393 to Vulnerabilities Catalog: Palo Alto Networks PAN-OS DNS Packet Flaw Threatens Firewalls  2025-01-02 at 14:30 By Ashish Khaitan Overview  The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-3393, a Palo Alto Networks PAN-OS Malformed DNS Packet vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability impacts the DNS Security feature

React to this headline:

Loading spinner

CISA Adds CVE-2024-3393 to Vulnerabilities Catalog: Palo Alto Networks PAN-OS DNS Packet Flaw Threatens Firewalls  Read More »

VibeBP WordPress Plugin Security Flaws Expose Sites to RCE and Privilege Escalation

cyber news, vulnerability, vulnerability management /

VibeBP WordPress Plugin Security Flaws Expose Sites to RCE and Privilege Escalation 2024-12-31 at 14:51 By Ashish Khaitan Overview The Cybersecurity and Infrastructure Security Agency (CERT-In) released an urgent vulnerability note (CIVN-2024-0360) concerning several critical VibeBP vulnerabilities . These vulnerabilities in VibeBP pose online risk to website owners using affected versions, and they could lead to

React to this headline:

Loading spinner

VibeBP WordPress Plugin Security Flaws Expose Sites to RCE and Privilege Escalation Read More »

Cyber Security Agency of Singapore Warns of Exploited Apache Vulnerabilities in 2024

CSA, cyber news, vulnerability, vulnerability management /

Cyber Security Agency of Singapore Warns of Exploited Apache Vulnerabilities in 2024 2024-12-31 at 10:56 By Ashish Khaitan Overview  The Cyber Security Agency of Singapore (CSA) has alerted users of multiple vulnerabilities in Apache software. According to the alert, three Apache vulnerabilities have been reported, including CVE-2024-43441, CVE-2024-45387, and CVE-2024-52046. In late 2024, the Apache

React to this headline:

Loading spinner

Cyber Security Agency of Singapore Warns of Exploited Apache Vulnerabilities in 2024 Read More »

A Look at CISA Known Exploited Vulnerabilities in 2024 

CISA, CISA KEV, CVE-2002-0367, CVE-2012-4792, CVE-2024-3393, cyber news, cybersecurity, Exploited Vulnerabilities, vulnerability /

A Look at CISA Known Exploited Vulnerabilities in 2024  2024-12-30 at 10:19 By Ashish Khaitan Overview  The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 185 vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog in 2024, as the database grew to 1,238 software and hardware flaws at high risk of cyberattacks.  The agency removed at

React to this headline:

Loading spinner

A Look at CISA Known Exploited Vulnerabilities in 2024  Read More »

IT Vulnerability Report: Cyble Urges Fixes for Apache Struts, Qualcomm & More

IT Vulnerability, vulnerability /

IT Vulnerability Report: Cyble Urges Fixes for Apache Struts, Qualcomm & More 2024-12-24 at 12:34 By daksh sharma Overview Cyble’s December 19 IT vulnerability report to clients highlighted nine vulnerabilities at high risk of attack, including five under active discussion on dark web forums. Cyble vulnerability intelligence and dark web researchers also noted threat actor

React to this headline:

Loading spinner

IT Vulnerability Report: Cyble Urges Fixes for Apache Struts, Qualcomm & More Read More »

Scroll to Top