>>> BLACK FRIDAY 2025 cybersecurity deals to explore <<<

Please turn on your JavaScript for this page to function normally.

vulnerability

Palo Alto Networks
Attackers are chaining flaws to breach Palo Alto Networks firewalls

Exploitation attempts targeting CVE-2025-0108, a recently disclosed authentication bypass vulnerability affecting the management web interface of Palo Alto Networks’ …

wireless router
Swap EOL Zyxel routers, upgrade Netgear ones!

There will be no patches for EOL Zyxel routers under attack via CVE-2024-40891, the company has confirmed. Meanwhile, Netgear has issued patches for critical flaws affecting …

7-zip
Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)

CVE-2025-0411, a Mark-of-the-Web bypass vulnerability in the open-source archiver tool 7-Zip that was fixed in November 2024, has been exploited in zero-day attacks to deliver …

send money
Man charged with stealing $65 million by exploting DeFI protocols vulnerabilities

A Canadian man has been indicted in federal court in New York for exploiting vulnerabilities in two decentralized finance (DeFi) protocols to fraudulently obtain about $65 …

CMS8000 Patient Monitor
Patient monitors with backdoor are sending info to China, CISA warns

Contec CMS8000, a patient monitor manufactured by a Chinese company, and Epsimed MN-120, which is the same monitor but relabeled, exfiltrate patients’ data to a …

API security
89% of AI-powered APIs rely on insecure authentication mechanisms

APIs have emerged as the predominant attack surface over the past year, with AI being the biggest driver of API security risks, according to Wallarm. “Based on our findings, …

Zyxel
Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891)

CVE-2024-40891, a command injection vulnerability in Zyxel CPE Series telecommunications devices that has yet to be fixed by the manufacturer, is being targeted by attackers, …

SonicWall
5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)

5,000+ SonicWall firewalls are still vulnerable to attack via a high-severity vulnerability (CVE-2024-53704) that, according to SonicWall, should be considered “at …

Cisco
Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw

Cisco has released patches for a critical privilege escalation vulnerability in Meeting Management (CVE-2025-20156) and a heap-based buffer overflow flaw (CVE-2025-20128) …

SimpleHelp
Critical SimpleHelp vulnerabilities fixed, update your server instances!

If you’re an organization using SimpleHelp for your remote IT support/access needs, you should update or patch your server installation without delay, to fix security …

UEFI Secure Boot
New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)

ESET researchers have identified a vulnerability (CVE-2024-7344) impacting most UEFI-based systems, which allows attackers to bypass UEFI Secure Boot. The issue was found in a …

Linux
Rsync vulnerabilities allow remote code execution on servers, patch quickly!

Six vulnerabilities have been fixed in the newest versions of Rsync (v3.4.0), two of which could be exploited by a malicious client to achieve arbitrary code execution on a …

Featured news

Resources

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools