>>> BLACK FRIDAY 2025 cybersecurity deals to explore <<<

Please turn on your JavaScript for this page to function normally.

vulnerability

BlastRADIUS
Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack

A new critical security vulnerability in the RADIUS protocol, dubbed BlastRADIUS (CVE-2024-3596), leaves most networking equipment open to Man-in-the-Middle (MitM) attacks. …

Fortra FileCatalyst
PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276)

A critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) has been patched; a PoC exploit is already available online. While there’s …

vulnerabilities
75% of new vulnerabilities exploited within 19 days

Last year alone, over 30,000 new vulnerabilities were published, with a new vulnerability emerging approximately every 17 minutes — averaging 600 new vulnerabilities per week, …

SnailLoad
New security loophole allows spying on internet users’ online activity

Researchers at Graz University of Technology were able to spy on users’ online activities simply by monitoring fluctuations in the speed of their internet connection. …

Intel
Intel-powered computers affected by serious firmware flaw (CVE-2024-0762)

A vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI, which runs on various Intel processors, could be exploited locally to escalate privileges and run arbitrary …

vulnerabilities
Rising exploitation in enterprise software: Key trends for CISOs

Action1 researchers found an alarming increase in the total number of vulnerabilities across all enterprise software categories. “With the NVD’s delay in associating Common …

vmware
Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080)

VMware by Broadcom has fixed two critical vulnerabilities (CVE-2024-37079, CVE-2024-37080) affecting VMware vCenter Server and products that contain it: vSphere and Cloud …

PHP
PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577)

An OS command injection vulnerability in Windows-based PHP (CVE-2024-4577) in CGI mode is being exploited by the TellYouThePass ransomware gang. Imperva says the attacks …

JetBrains
Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051)

JetBrains has fixed a critical vulnerability (CVE-2024-37051) that could expose users of its integrated development environments (IDEs) to GitHub access token compromise. …

SolarWinds
SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995)

SolarWinds has fixed a high-severity vulnerability (CVE-2024-28995) affecting its Serv-U managed file transfer (MFT) server solution, which could be exploited by …

Zyxel
Zyxel patches critical flaws in EOL NAS devices

Zyxel has released patches for three critical vulnerabilities (CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974) affecting two network-attached storage (NAS) devices that …

Cisco Webex
Vulnerability in Cisco Webex cloud service exposed government authorities, companies

The vulnerability that allowed a German journalist to discover links to video conference meetings held by Bundeswehr (the German armed forces) and the Social Democratic Party …

Featured news

Resources

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools