Identity & Access SimpleHelp Remote Access Software Exploited in Attacks Threat actors have been exploiting SimpleHelp remote access software shortly after the disclosure of three vulnerabilities. Ionut ArghireJanuary 29, 2025
Malware & Threats VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer VMware warns that a malicious user with network access may be able to use specially crafted SQL queries to gain database access. Ryan NaraineJanuary 28, 2025
Vulnerabilities SonicWall Confirms Exploitation of New SMA Zero-Day SonicWall has confirmed that an SMA 1000 zero-day tracked as CVE-2025-23006 has been exploited in the wild. Eduard KovacsJanuary 28, 2025
Mobile & Wireless Apple Patches First Exploited iOS Zero-Day of 2025 Apple has released fixes for dozens of vulnerabilities in its mobile and desktop products, including an iOS zero-day exploited in attacks. Ionut ArghireJanuary 28, 2025
Vulnerabilities Git Vulnerabilities Led to Credentials Exposure Vulnerabilities in Git’s credential retrieval protocol could have allowed attackers to compromise user credentials. Ionut ArghireJanuary 27, 2025
Vulnerabilities CISA Warns of Old jQuery Vulnerability Linked to Chinese APT CISA has added the JQuery flaw CVE-2020-11023, previously linked to APT1, to its Known Exploited Vulnerabilities (KEV) catalog. Eduard KovacsJanuary 24, 2025
Vulnerabilities Hackers Earn $886,000 at Pwn2Own Automotive 2025 for Charger, OS, Infotainment Exploits Pwn2Own Automotive 2025 has come to an end and participants have earned a total of $886,000 for exploits targeting EV chargers and infotainment systems. Eduard KovacsJanuary 24, 2025
Vulnerabilities Cisco Patches Critical Vulnerability in Meeting Management Cisco has released patches for three vulnerabilities, including a critical privilege escalation bug and a DoS flaw for which exploit code exists. Ionut ArghireJanuary 23, 2025
Vulnerabilities SonicWall Learns From Microsoft About Potentially Exploited Zero-Day SonicWall has credited Microsoft for reporting CVE-2025-23006, a critical remote command execution vulnerability possibly exploited in the wild. Eduard KovacsJanuary 23, 2025
Vulnerabilities Over $380,000 Paid Out on First Day of Pwn2Own Automotive 2025 $380,000 paid out on the first day of Pwn2Own Automotive 2025 for exploits targeting car infotainment units, operating systems, and chargers. Eduard KovacsJanuary 22, 2025
Vulnerabilities Oracle Patches 200 Vulnerabilities With January 2025 CPU Oracle has released 318 new security patches to address roughly 200 unique CVEs as part of its January 2025 Critical Patch Update. Ionut ArghireJanuary 22, 2025
IoT Security Details Disclosed for Mercedes-Benz Infotainment Vulnerabilities Kaspersky has disclosed the details of over a dozen vulnerabilities discovered in a Mercedes-Benz MBUX infotainment system. Eduard KovacsJanuary 20, 2025