Zeljka Zorz

Critical VMware vCenter Server bugs fixed (CVE-2024-38812)
Broadcom has released fixes for two vulnerabilities affecting VMware vCenter Server that can be triggered by sending a specially crafted network packet, and could lead to …

Apple releases iOS 18, with security and privacy improvements
Apple has launched iOS 18, the latest significant iteration of the operating system powering its iPhones. Along with many new features and welcome customization options, iOS …

PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)
CVE-2024-8190, an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) v4.6, is under active exploitation. Details about the attacks are still unknown, …

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)
CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering web pages on Windows – “was …

Suspect arrested over the Transport for London cyberattack
The UK National Crime Agency has arrested and detained a suspect – a 17-year-old male in Walsall (West Midlands) – on suspicion of Computer Misuse Act offences in …

Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869)
Among the security updates released by Adobe on Tuesday are those for various versions of Adobe Acrobat and Reader, which fix two critical flaws that could lead to arbitrary …

Losses due to cryptocurrency and BEC scams are soaring
Every type of fraud is on the rise, and 2023 was a particularly devastating year for victims of cryptocurrency and business email compromise (BEC) scams, according to the FBI. …

Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847)
Ivanti has fixed a slew of vulnerabilities affecting its Endpoint Manager solution, including a maximum severity one (CVE-2024-29847) that may allow unauthenticated attackers …

Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes
September 2024 Patch Tuesday is here and Microsoft has delivered 79 fixes, including those for a handful of zero-days (CVE-2024-38217, CVE-2024-38226, CVE-2024-38014, …

CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting …

Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)
Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability …

Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)
CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and …
Featured news
Resources
Don't miss
- Hackers love LOTL, this approach shuts them down
- A2AS framework targets prompt injection and agentic AI security risks
- How to stop a single vendor breach from taking down your business
- CISA says it will fill the gap as federal funding for MS-ISAC dries up
- Webinar: The BAS Summit 2025: Redefining Attack Simulation through AI