Multiple vulnerabilities have been discovered in Ivanti Products, the most severe of which could allow for remote code execution. Ivanti Endpoint Manager is a client-based unified endpoint management software. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Ivanti Connect Secure is an SSL VPN solution for...
[[{“value”:”Ivanti is warning that a critical security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways has come under active exploitation in the wild beginning mid-December 2024. The security vulnerability in question is CVE-2025-0282 (CVSS score: 9.0), a stack-based buffer overflow that affects Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2″}]] – Read More –...
[[{“value”:” CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0282 Ivanti Connect Secure Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. CISA urges organizations to apply mitigations as set forth in the CISA instructions linked below to include conducting...
[[{“value”:” Ivanti released security updates to address vulnerabilities (CVE-2025-0282, CVE-2025-0283) in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. A cyber threat actor could exploit CVE-2025-0282 to take control of an affected system. CISA has added CVE-2025-0282 to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CISA urges organizations to hunt for any malicious activity, report any positive...
Medusind, a leading billing provider for healthcare organizations, is notifying hundreds of thousands of individuals of a data breach that exposed their personal and health information more than a year ago, in December 2023. […] – Read More – BleepingComputer
Over 4,000 abandoned but still active web backdoors were hijacked and their communication infrastructure sinkholed after researchers registered expired domains used for commanding them. […] – Read More – BleepingComputer
Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in GFI KerioControl firewall product. […] – Read More – BleepingComputer
SonicWall is emailing customers urging them to upgrade their firewall’s SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is “susceptible to actual exploitation.” […] – Read More – BleepingComputer
Russian internet service provider Nodex confirmed on Tuesday that its network was “destroyed” in a cyberattack claimed by Ukrainian hacktivists part of the Ukrainian Cyber Alliance […] – Read More – BleepingComputer
Ivanti is warning that a new Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 was exploited in zero-day attacks to install malware on appliances. […] – Read More – BleepingComputer
[[{“value”:” Every chief information security officer worth their salt spends time thinking about the problem of shadow IT in their enterprise. Systems, hardware or infrastructure that might have been connected to your network years ago, for reasons no one can remember, were then summarily forgotten until years later when they become an entry point in a data breach or compromise....
– [[{“value”:”Cybersecurity researchers have found that bad actors are continuing to have success by spoofing sender email addresses as part of various malspam campaigns. Faking the sender address of an email is widely seen as an attempt to make the digital missive more legitimate and get past security mechanisms that could otherwise flag it as malicious. While there are safeguards...
– [[{“value”:” Microsoft is petitioning a Virginia court to seize software and shut down internet infrastructure that they allege is being used by a group of foreign cybercriminals to bypass safety guidelines for generative AI systems. In a filing with the Eastern District Court of Virginia, Microsoft brought a lawsuit against ten individuals for using stolen credentials and custom software...
– Reflecting on 2024, it has been an eventful year for the Zero Day Initiative Threat Hunting team. Throughout the year, we identified numerous threat actor campaigns exploiting zero-day vulnerabilities, uncovered additional variants of these vulnerabilities, and discovered even more vulnerabilities through our in-the-wild research. In this blog, we will highlight some of the key achievements of the Zero Day...
Using the Cloud Security Principles to evaluate the suitability of a cloud service. – Read More – NCSC Feed
– Initial Access Brokers (IABs) are specialized cybercriminals that break into corporate networks and sell stolen access to other attackers. Learn from Specops Software about how IABs operate and how businesses can protect themselves. […] – Read More – BleepingComputer
– The United Nations’ International Civil Aviation Organization (ICAO) has confirmed that a threat actor has stolen approximately 42,000 records after hacking into its recruitment database. […] – Read More – BleepingComputer
– American football team Green Bay Packers says cybercriminals stole the credit card data of over 8,500 customers after hacking its official Pro Shop online retail store in a September breach. […] – Read More – BleepingComputer
The voluntary Cyber Trust Mark labeling program will allow consumers to assess the cybersecurity of IoT devices when making purchasing decisions – Read More –
– Fortinet uncovers a new PayPal phishing scam exploiting legitimate platform features. Learn how this sophisticated attack works and how to protect yourself from falling victim. – Read More – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News
A new PayPal phishing scam used genuine money requests, bypassing security checks to deceive recipients – Read More –
– [[{“value”:”Cybersecurity researchers have shed light on a new remote access trojan called NonEuclid that allows bad actors to remotely control compromised Windows systems. “The NonEuclid remote access trojan (RAT), developed in C#, is a highly sophisticated malware offering unauthorised remote access with advanced evasion techniques,” Cyfirma said in a technical analysis published last week. “It employs”}]] – Read More ...
– SUMMARY Cybersecurity researchers at Group-IB have discovered a sophisticated refund scam where scammers are using remote access tools… – Read More – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News
– 2024 had its fair share of high-profile cyber attacks, with companies as big as Dell and TicketMaster falling victim to data breaches and other infrastructure compromises. In 2025, this trend will continue. So, to be prepared for any kind of malware attack, every organization needs to know its cyber enemy in advance. Here are 5 common malware families that...
Electronics firm Casio revealed that ransomware attackers have leaked the personal data of employees, customers and business partners – Read More –
A newly identified Mirai botnet exploits over 20 vulnerabilities, including zero-days, in industrial routers and smart home devices – Read More –
– [[{“value”:”A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks. The botnet maintains approximately 15,000 daily active IP addresses, with the infections primarily scattered across China, Iran, Russia, Turkey, and the United States.”}]] – Read More – The Hacker...
– Critical security vulnerabilities have been found in Moxa cellular routers and network security appliances. Learn about CVE-2024-9138 &… – Read More – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News
– Millions of email servers worldwide remain alarmingly vulnerable to cyberattacks due to a critical security oversight: the absence of Transport Layer Security (TLS) encryption. – Read More – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News
– [[{“value”:”The U.S. government on Tuesday announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for Internet-of-Things (IoT) consumer devices. “IoT products can be susceptible to a range of security vulnerabilities,” the U.S. Federal Communications Commission (FCC) said. “Under this program, qualifying consumer smart products that meet robust cybersecurity standards will bear”}]] – Read More ...
Group-IB has observed scammers impersonating government officials to trick disaffected consumers into divulging card details – Read More –
– [[{“value”:” Introduction: Google’s recent announcement of their Willow quantum processor marks a significant advancement in quantum computing technology while raising questions about the security and sustainability of current encryption methods. As quantum computers grow more powerful, cybersecurity experts grow increasingly concerned about their potential to break widely used encryption standards that protect sensitive data worldwide. Quantum vs. Traditional Computing:...
– [[{“value”:”The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows – CVE-2024-41713 (CVSS score: 9.1) – A path traversal vulnerability in Mitel MiCollab that could allow an attacker”}]] – Read...
– [[{“value”:” Days after the four-year anniversary of the creation of the Office of the National Cyber Director and days before its current chief is set to depart, that man, Harry Coker Jr., looked both backward and forward at the office in a speech Tuesday and a separate interview with CyberScoop. Coker touched on software liability, regulations, the authorities of...
– [[{“value”:” Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications...
– [[{“value”:”In episode 32 of The AI Fix, our hosts learn the meaning of “poronkusema”, Mark discovers his dream job, a school tries using AI instead of teachers, the “Godfather of AI” says AI will see us as toddlers, and Graham lifts the lid on the hidden threat of killer robot fridges. Mark explains why 2025 is the year of...
– [[{“value”:” The White House announced Tuesday the official launch of the U.S. Cyber Trust Mark, a cybersecurity labeling initiative aimed at enhancing the security of internet-connected devices. The initiative tackles rising consumer concerns about the security vulnerabilities of “smart” devices essential to modern homes. As households become more dependent on interconnected gadgets — with a 2023 Deloitte study revealing...
New research by Security Intelligence has revealed security risks in MLOps platforms including Azure ML, BigML and Google Vertex AI – Read More –
– Philadelphia, Pennsylvania, 7th January 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News
Moxa has reported two critical vulnerabilities in its routers and network security appliances that could allow system compromise and arbitrary code execution – Read More –
– [[{“value”:” Android has released its first security update of the year, disclosing several critical and high-severity vulnerabilities that affect a wide range of Android devices. The bulletin identifies five critical remote code execution (RCE) vulnerabilities affecting what Android categorizes as the “system,” which encompasses Android’s core components and underlying architecture. These vulnerabilities could allow attackers to execute code without...
[[{“value”:” CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-41713 Mitel MiCollab Path Traversal Vulnerability CVE-2024-55550 Mitel MiCollab Path Traversal Vulnerability CVE-2020-2883 Oracle WebLogic Server Unspecified Vulnerability Users and administrators are also encouraged to review the Palo Alto Threat Brief: Operation Lunar Peek related to CVE-2024-0012, the Palo Alto Security Bulletin for CVE-2024-0012, and...
[[{“value”:” CISA released two Industrial Control Systems (ICS) advisories on January 7, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-007-01 ABB ASPECT-Enterprise, NEXUS, and MATRIX Series Products ICSA-25-007-02 Nedap Librix Ecoreader CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. “}]] – Read More – All...
[[{“value”:” View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT-Enterprise, NEXUS, and MATRIX series Vulnerabilities: Files or Directories Accessible to External Parties, Improper Validation of Specified Type of Input, Cleartext Transmission of Sensitive Information, Cross-site Scripting, Server-Side Request Forgery (SSRF), Improper Neutralization of Special Elements in Data Query Logic, Allocation of Resources...
[[{“value”:” View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Nedap Librix Equipment: Ecoreader Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could result in remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Ecoreader are affected: Ecoreader: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING...
– Ramat Gan, Israel, 7th January 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News
– [[{“value”:”Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or plant persistent malware on susceptible devices. “The Illumina iSeq 100 used a very outdated implementation of BIOS firmware using CSM [Compatibility Support Mode] mode and without Secure Boot or standard”}]] – Read More –...
– It’s time once again to pay our respects to the once-famous cybersecurity solutions whose usefulness died in the past year. The cybercriminal world collectively mourns the loss of these solutions and the easy access they provide to victim organizations. These solutions, though celebrated in their prime, succumbed to the twin forces of time and advancing threats. Much like a...
Netskope observed a 190% growth in enterprise users clicking phishing links as attackers become more creative in delivering effective lures – Read More –
The UK government is cracking down on the generation of sexually explicit deepfakes in a bid to protect women and girls – Read More –
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
