Zeljka Zorz

If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security …

For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug …

Ivanti has patched three additional Cloud Service Appliance (CSA) zero-day flaws, which have been exploited by attackers in conjuction with a zero-day bug the company …

An actively exploited zero-day vulnerability (CVE-2024-43047) affecting dozens of Qualcomm’s chipsets has been patched by the American semiconductor giant. About …

American Water, the largest water and wastewater utility company in the US, has shut down some of its systems following a cyberattack. While the company confirmed that none of …

Thousands of Linux systems are likely infected with the highly elusive and persistent “perfctl” (or “perfcc“) cryptomining malware and many others …

Microsoft and the US Justice Department have seized over 100 domains used by Star Blizzard, a Russian nation-state threat actor. “Between January 2023 and August 2024, …

CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and …

While the Common UNIX Printing System (CUPS) vulnerabilities recently disclosed by researcher Simone “evilsocket” Margaritelli are not easily exploited for remote …

Undeterred by the indictment issued against one of its alleged members, North Korean APT group Stonefly (aka APT45) continues to target companies in the US, Symantec threat …

Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations. …

The third phase of Operation Cronos, which involved officers from the UK National Crime Agency (NCA), the FBI, Europol and other law enforcement agencies, has resulted in the …