Vulnerabilities GFI KerioControl Firewall Vulnerability Exploited in the Wild Threat actors are exploiting a recent GFI KerioControl firewall vulnerability that leads to remote code execution. Ionut Arghire4 days ago
Malware & Threats Exploitation of New Ivanti VPN Zero-Day Linked to Chinese Cyberspies Google Cloud’s Mandiant has linked the exploitation of CVE-2025-0282, a new Ivanti VPN zero-day, to Chinese cyberspies. Eduard Kovacs4 days ago
Vulnerabilities CISA Warns of Mitel MiCollab Vulnerabilities Exploited in Attacks CISA says two recently disclosed path traversal vulnerabilities in the Mitel MiCollab collaboration platform have been exploited in attacks. Ionut Arghire5 days ago
Vulnerabilities Palo Alto Networks Patches Firewall Zero-Day Exploited for DoS Attacks Palo Alto Networks has patched CVE-2024-3393, a vulnerability that has been exploited for DoS attacks against the company’s firewalls. Eduard KovacsDecember 30, 2024
ICS/OT Four-Faith Industrial Router Vulnerability Exploited in Attacks Threat actors are exploiting a command injection vulnerability in Four-Faith industrial routers to deploy a reverse shell. Ionut ArghireDecember 30, 2024
Vulnerabilities CISA Urges Immediate Patching of Exploited BeyondTrust Vulnerability CISA is urging federal agencies to patch a recent critical vulnerability in BeyondTrust remote access products in one week. Ionut ArghireDecember 20, 2024
Vulnerabilities BeyondTrust Patches Critical Vulnerability Discovered During Security Incident Probe A critical vulnerability in BeyondTrust Privileged Remote Access and Remote Support could lead to arbitrary command execution. Ionut ArghireDecember 18, 2024
Vulnerabilities Exploitation of Recent Critical Apache Struts 2 Flaw Begins Researchers warn of malicious attacks exploiting a recently patched critical vulnerability in Apache Struts 2 leading to remote code execution (RCE). Ionut ArghireDecember 18, 2024
Vulnerabilities CISA Warns of Exploited Adobe ColdFusion, Windows Vulnerabilities CISA has warned organizations that two vulnerabilities affecting Adobe ColdFusion and Windows have been exploited in the wild. Eduard KovacsDecember 17, 2024
Ransomware CVE Assigned to Cleo Vulnerability as Cl0p Ransomware Group Takes Credit for Exploitation The Cl0p ransomware group has taken credit for exploitation of the Cleo product vulnerability tracked as CVE-2024-55956. Eduard KovacsDecember 16, 2024
Malware & Threats Cleo Patches Exploited Flaw as Security Firms Detail Malware Pushed in Attacks Cleo has released patches for the exploited vulnerability and security firms have detailed the malware delivered in attacks. Eduard KovacsDecember 12, 2024
Vulnerabilities Hunk Companion, WP Query Console Vulnerabilities Chained to Hack WordPress Sites Two vulnerabilities in the Hunk Companion and WP Query Console WordPress plugins allow attackers to backdoor websites. Ionut ArghireDecember 12, 2024