Ivanti Flaw CVE-2025-0282 Actively Exploited, Impacts Connect Secure and Policy Secure Ivanti is warning that a critical security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways has come under active exploitation in the wild beginning mid-December 2024. The security vulnerability in question is CVE-2025-0282 (CVSS score: 9.0), a Read more…
CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in Read more…
CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of flaws is below – CVE-2024-20767 (CVSS Read more…
WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all Read more…
Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild. Of the 72 flaws, 17 are Read more…
Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks Microsoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild. The vulnerability that has been tagged with Read more…
Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild. The flaws are listed below – CVE-2024-44308 (CVSS score: 8.8) – A Read more…
Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler Bugs Microsoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager (NTLM) and Task Scheduler have come under active exploitation in the wild. The security vulnerabilities are among the 90 security bugs the tech giant Read more…
Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System Nov 05, 2024Ravie LakshmananMobile Security / Vulnerability Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw Read more…
HM Surf macOS vuln potentially exploited by Adloader malware • The Register In revealing details about a vulnerability that threatens the privacy of Apple fans, Microsoft urges all macOS users to update their systems. The bug, tracked as CVE-2024-44133 (CVSS 5.5) and patched in September’s macOS Sequoia updates, is believed Read more…