Zeljka Zorz
Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847)
Ivanti has fixed a slew of vulnerabilities affecting its Endpoint Manager solution, including a maximum severity one (CVE-2024-29847) that may allow unauthenticated attackers …
Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes
September 2024 Patch Tuesday is here and Microsoft has delivered 79 fixes, including those for a handful of zero-days (CVE-2024-38217, CVE-2024-38226, CVE-2024-38014, …
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting …
Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)
Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability …
Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)
CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and …
Exposed: Russian military Unit 29155 does digital sabotage, espionage
The US Department of Justice has named five Russian computer hackers as members of Unit 29155 – i.e., the 161st Specialist Training Center of the Russian General Staff …
Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)
For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to …
Microchip Technology confirms theft of employee data
US-based semiconductor manufacturer Microchip Technology has confirmed that the cyberattack it suffered in August 2024 resulted in the theft of data, including “employee …
The future of automotive cybersecurity: Treating vehicles as endpoints
The automotive industry is facing many of the same cybersecurity risks and threats that successful organizations in other sectors are up against, but it’s also battling some …
North Korean hackers’ social engineering tricks
“North Korean malicious cyber actors conducted research on a variety of targets connected to cryptocurrency exchange-traded funds (ETFs) over the last several …
Vulnerability allows Yubico security keys to be cloned
Researchers have unearthed a cryptographic vulnerability in popular Yubico (FIDO) hardware security keys and modules that may allow attackers to clone the devices. But the …
Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261)
Zyxel has patched a myriad of vulnerabilities in its various networking devices, including a critical one (CVE-2024-7261) that may allow unauthenticated attackers to execute …
Featured news
Resources
Don't miss
- CERT UEFI Parser: Open-source tool exposes UEFI architecture to uncover vulnerabilities
- Why prevention-first secrets security will define enterprise scale: Learnings from a leading telecom
- Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858)
- Attackers use Windows App-V scripts to slip infostealer past enterprise defenses
- Microsoft reveals actively exploited Office zero-day, provides emergency fix (CVE-2026-21509)