vulnerability

Swap EOL Zyxel routers, upgrade Netgear ones!

access point, Don't miss, Hot stuff, Netgear, News, router, security update, VulnCheck, vulnerability, Zyxel /

Swap EOL Zyxel routers, upgrade Netgear ones! 2025-02-05 at 16:18 By Zeljka Zorz There will be no patches for EOL Zyxel routers under attack via CVE-2024-40891, the company has confirmed. Meanwhile, Netgear has issued patches for critical flaws affecting its routers and wireless access points. Zyxel vulnerability: Exploited, no patches CVE-2024-40891, a command injection vulnerability […]

React to this headline:

Loading spinner

Swap EOL Zyxel routers, upgrade Netgear ones! Read More »

Exploitation of Over 700 Vulnerabilities Came to Light in 2024

exploited, Vulnerabilities, vulnerability /

Exploitation of Over 700 Vulnerabilities Came to Light in 2024 2025-02-04 at 19:34 By Ionut Arghire The number of vulnerabilities first reported as exploited surged last year amid a decrease in zero-day reports. The post Exploitation of Over 700 Vulnerabilities Came to Light in 2024 appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Exploitation of Over 700 Vulnerabilities Came to Light in 2024 Read More »

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)

0-day, Don't miss, Hot stuff, News, security controls, spear-phishing, Trend Micro, Ukraine, vulnerability, Windows /

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) 2025-02-04 at 15:08 By Zeljka Zorz CVE-2025-0411, a Mark-of-the-Web bypass vulnerability in the open-source archiver tool 7-Zip that was fixed in November 2024, has been exploited in zero-day attacks to deliver malware to Ukrainian entities, Trend Micro researchers have revealed. The 7-Zip vulnerability (CVE-2025-0411) Mark-of-the-Web (MotW) is a

React to this headline:

Loading spinner

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) Read More »

Man charged with stealing $65 million by exploting DeFI protocols vulnerabilities

Cryptocurrency, Don't miss, extortion, finance, fraud, Hot stuff, News, USA, vulnerability /

Man charged with stealing $65 million by exploting DeFI protocols vulnerabilities 2025-02-04 at 12:16 By Help Net Security A Canadian man has been indicted in federal court in New York for exploiting vulnerabilities in two decentralized finance (DeFi) protocols to fraudulently obtain about $65 million from the protocols’ investors. The fraudulent scheme According to court

React to this headline:

Loading spinner

Man charged with stealing $65 million by exploting DeFI protocols vulnerabilities Read More »

Patient monitors with backdoor are sending info to China, CISA warns

backdoor, CISA, Don't miss, healthcare, Hot stuff, medical data, medical devices, News, Privacy, vulnerability /

Patient monitors with backdoor are sending info to China, CISA warns 2025-01-31 at 14:03 By Zeljka Zorz Contec CMS8000, a patient monitor manufactured by a Chinese company, and Epsimed MN-120, which is the same monitor but relabeled, exfiltrate patients’ data to a hard-coded IP address and have a backdoor that can be used to download

React to this headline:

Loading spinner

Patient monitors with backdoor are sending info to China, CISA warns Read More »

Cyble’s Weekly Vulnerability Update: Critical SonicWall Zero-Day and Exploited Flaws Discovered

vulnerability, Weekly Vulnerability, Zero-Day /

Cyble’s Weekly Vulnerability Update: Critical SonicWall Zero-Day and Exploited Flaws Discovered 2025-01-31 at 12:36 By daksh sharma Overview Cyble’s weekly vulnerability insights to clients cover key vulnerabilities discovered between January 22 and January 28, 2025. The findings highlight a range of vulnerabilities across various platforms, including critical issues that are already being actively exploited. Notably,

React to this headline:

Loading spinner

Cyble’s Weekly Vulnerability Update: Critical SonicWall Zero-Day and Exploited Flaws Discovered Read More »

TeamViewer Patches High-Severity Vulnerability in Windows Applications

TeamViewer, Vulnerabilities, vulnerability /

TeamViewer Patches High-Severity Vulnerability in Windows Applications 2025-01-30 at 15:20 By Ionut Arghire TeamViewer has released patches for a high-severity elevation of privilege vulnerability in its client and host applications for Windows. The post TeamViewer Patches High-Severity Vulnerability in Windows Applications appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

React to this headline:

Loading spinner

TeamViewer Patches High-Severity Vulnerability in Windows Applications Read More »

ICS Vulnerability Report: Cyble Urges Critical mySCADA Fixes

ICS Vulnerability, MySCADA, vulnerability /

ICS Vulnerability Report: Cyble Urges Critical mySCADA Fixes 2025-01-30 at 10:48 By daksh sharma Overview A pair of 9.8-severity flaws in mySCADA myPRO Manager SCADA systems were among the vulnerabilities highlighted in Cyble’s weekly Industrial Control System (ICS) Vulnerability Intelligence Report. Cyble Research & Intelligence Labs (CRIL) examined eight ICS vulnerabilities in the January 28

React to this headline:

Loading spinner

ICS Vulnerability Report: Cyble Urges Critical mySCADA Fixes Read More »

89% of AI-powered APIs rely on insecure authentication mechanisms

API security, Artificial Intelligence, cybersecurity, News, report, survey, vulnerability, Wallarm /

89% of AI-powered APIs rely on insecure authentication mechanisms 2025-01-30 at 06:33 By Help Net Security APIs have emerged as the predominant attack surface over the past year, with AI being the biggest driver of API security risks, according to Wallarm. “Based on our findings, what is clear is that API security is no longer

React to this headline:

Loading spinner

89% of AI-powered APIs rely on insecure authentication mechanisms Read More »

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891)

Censys, Don't miss, GreyNoise, Hot stuff, News, VulnCheck, vulnerability, Zyxel /

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) 2025-01-29 at 18:32 By Zeljka Zorz CVE-2024-40891, a command injection vulnerability in Zyxel CPE Series telecommunications devices that has yet to be fixed by the manufacturer, is being targeted by attackers, cybersecurity company Greynoise has warned. Successful exploitation would allow attackers to execute

React to this headline:

Loading spinner

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) Read More »

New ICS Vulnerabilities Discovered in Schneider Electric and B&R Automation Systems

ICS Vulnerabilities, vulnerability /

New ICS Vulnerabilities Discovered in Schneider Electric and B&R Automation Systems 2025-01-29 at 15:03 By daksh sharma Overview The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued two urgent advisories regarding serious ICS vulnerabilities in industrial control systems (ICS) products. These ICS vulnerabilities, identified in Schneider Electric’s RemoteConnect and SCADAPack x70 Utilities, as well as

React to this headline:

Loading spinner

New ICS Vulnerabilities Discovered in Schneider Electric and B&R Automation Systems Read More »

Critical Vulnerabilities in Node.js Expose Systems to Remote Attacks

Node.js, vulnerability /

Critical Vulnerabilities in Node.js Expose Systems to Remote Attacks 2025-01-28 at 14:18 By daksh sharma Overview A series of critical security vulnerabilities have been discovered in multiple versions of Node.js, a popular open-source JavaScript runtime used to build scalable network applications. These vulnerabilities, outlined in CERT-In Vulnerability Note CIVN-2025-0011, have been classified as high severity,

React to this headline:

Loading spinner

Critical Vulnerabilities in Node.js Expose Systems to Remote Attacks Read More »

phpMyAdmin 5.2.2 Addresses Critical XSS and Library Vulnerabilities

PHPMyAdmin, vulnerability /

phpMyAdmin 5.2.2 Addresses Critical XSS and Library Vulnerabilities 2025-01-28 at 11:48 By daksh sharma Overview phpMyAdmin, a popular web-based tool for managing MySQL and MariaDB databases, has recently released version 5.2.2, addressing multiple vulnerabilities that posed a medium severity risk. This widely-used tool is a basis for database administrators, offering strong features and ease of

React to this headline:

Loading spinner

phpMyAdmin 5.2.2 Addresses Critical XSS and Library Vulnerabilities Read More »

LTE, 5G Vulnerabilities Could Cut Entire Cities From Cellular Connectivity

5G, cellular, LTE, Mobile & Wireless, vulnerability /

LTE, 5G Vulnerabilities Could Cut Entire Cities From Cellular Connectivity 2025-01-27 at 18:36 By Ionut Arghire Vulnerabilities in LTE/5G core infrastructure, some remotely exploitable, could lead to persistent denial-of-service to entire cities. The post LTE, 5G Vulnerabilities Could Cut Entire Cities From Cellular Connectivity appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

LTE, 5G Vulnerabilities Could Cut Entire Cities From Cellular Connectivity Read More »

IT Vulnerability Report: 7-Zip, Windows and Fortinet Fixes Urged by Cyble

vulnerability /

IT Vulnerability Report: 7-Zip, Windows and Fortinet Fixes Urged by Cyble 2025-01-27 at 17:20 By daksh sharma Overview Cyble’s vulnerability intelligence report to clients last week examined high-risk flaws in 7-Zip, Microsoft Windows, and Fortinet, among other products. It also examined dark web claims of a zero-day vulnerability in Apple iOS. In all, the report

React to this headline:

Loading spinner

IT Vulnerability Report: 7-Zip, Windows and Fortinet Fixes Urged by Cyble Read More »

5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)

Bishop Fox, CVE, Don't miss, enterprise, Hot stuff, News, security update, SMBs, SonicWall, vulnerability /

5,000+ SonicWall firewalls still open to attack (CVE-2024-53704) 2025-01-27 at 17:20 By Zeljka Zorz 5,000+ SonicWall firewalls are still vulnerable to attack via a high-severity vulnerability (CVE-2024-53704) that, according to SonicWall, should be considered “at imminent risk of exploitation”. The warning came last week from Bishop Fox researchers, after they successfully exploited the vulnerability on

React to this headline:

Loading spinner

5,000+ SonicWall firewalls still open to attack (CVE-2024-53704) Read More »

Git Vulnerabilities Led to Credentials Exposure

Clone2Leak, Git, Vulnerabilities, vulnerability /

Git Vulnerabilities Led to Credentials Exposure 2025-01-27 at 14:49 By Ionut Arghire Vulnerabilities in Git’s credential retrieval protocol could have allowed attackers to compromise user credentials. The post Git Vulnerabilities Led to Credentials Exposure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source React to this headline:

React to this headline:

Loading spinner

Git Vulnerabilities Led to Credentials Exposure Read More »

Unlocking Vulnrichment: Enhancing CVE Data for Smarter Vulnerability Management 

vulnerability /

Unlocking Vulnrichment: Enhancing CVE Data for Smarter Vulnerability Management  2025-01-24 at 16:48 By Cyble Overview  The Cybersecurity and Infrastructure Security Agency (CISA) has introduced Vulnrichment, an innovative initiative designed to enhance CVE data by adding crucial context, scoring, and detailed analysis. Launched on May 10, 2024, Vulnrichment aims to empower security professionals by providing more

React to this headline:

Loading spinner

Unlocking Vulnrichment: Enhancing CVE Data for Smarter Vulnerability Management  Read More »

Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw

Cisco, Don't miss, Hot stuff, News, PoC, security update, video conferencing, vulnerability /

Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw 2025-01-23 at 15:03 By Zeljka Zorz Cisco has released patches for a critical privilege escalation vulnerability in Meeting Management (CVE-2025-20156) and a heap-based buffer overflow flaw (CVE-2025-20128) that, when triggered, could terminate the ClamAV scanning process on endpoints running a Cisco Secure Endpoint

React to this headline:

Loading spinner

Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw Read More »

Aircraft Collision Avoidance Systems Hit by High-Severity ICS Vulnerability 

cyber news, vulnerability /

Aircraft Collision Avoidance Systems Hit by High-Severity ICS Vulnerability  2025-01-23 at 14:48 By Paul Shread Overview  A pair of vulnerabilities in the Traffic Alert and Collision Avoidance System (TCAS) II for avoiding midair collisions were among 20 vulnerabilities reported by Cyble in its weekly Industrial Control System (ICS) Vulnerability Intelligence Report.  The midair collision system

React to this headline:

Loading spinner

Aircraft Collision Avoidance Systems Hit by High-Severity ICS Vulnerability  Read More »

Scroll to Top