vulnerability
Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)
Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup & Replication solution, and is urging …
Siemens Teamcenter vulnerability could allow account takeover (CVE-2025-23363)
A high-severity vulnerability (CVE-2025-23363) in the Siemens Teamcenter product lifecycle management (PLM) software could allow an attacker to steal users’ valid …
Attackers are chaining flaws to breach Palo Alto Networks firewalls
Exploitation attempts targeting CVE-2025-0108, a recently disclosed authentication bypass vulnerability affecting the management web interface of Palo Alto Networks’ …
Swap EOL Zyxel routers, upgrade Netgear ones!
There will be no patches for EOL Zyxel routers under attack via CVE-2024-40891, the company has confirmed. Meanwhile, Netgear has issued patches for critical flaws affecting …
Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)
CVE-2025-0411, a Mark-of-the-Web bypass vulnerability in the open-source archiver tool 7-Zip that was fixed in November 2024, has been exploited in zero-day attacks to deliver …
Man charged with stealing $65 million by exploting DeFI protocols vulnerabilities
A Canadian man has been indicted in federal court in New York for exploiting vulnerabilities in two decentralized finance (DeFi) protocols to fraudulently obtain about $65 …
Patient monitors with backdoor are sending info to China, CISA warns
Contec CMS8000, a patient monitor manufactured by a Chinese company, and Epsimed MN-120, which is the same monitor but relabeled, exfiltrate patients’ data to a …
89% of AI-powered APIs rely on insecure authentication mechanisms
APIs have emerged as the predominant attack surface over the past year, with AI being the biggest driver of API security risks, according to Wallarm. “Based on our findings, …
Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891)
CVE-2024-40891, a command injection vulnerability in Zyxel CPE Series telecommunications devices that has yet to be fixed by the manufacturer, is being targeted by attackers, …
5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)
5,000+ SonicWall firewalls are still vulnerable to attack via a high-severity vulnerability (CVE-2024-53704) that, according to SonicWall, should be considered “at …
Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw
Cisco has released patches for a critical privilege escalation vulnerability in Meeting Management (CVE-2025-20156) and a heap-based buffer overflow flaw (CVE-2025-20128) …
Critical SimpleHelp vulnerabilities fixed, update your server instances!
If you’re an organization using SimpleHelp for your remote IT support/access needs, you should update or patch your server installation without delay, to fix security …
Featured news
Resources
Don't miss
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)
- RansomHub affiliate leverages multi-function Betruger backdoor
- Kali Linux 2025.1a drops with theme refresh, Kali NetHunter updates
- 5 pitfalls that can delay cyber incident response and recovery
- How healthcare CISOs can balance security and accessibility without compromising care