• The Cyber Express

Microsoft’s Patch Tuesday for February 2025 fixes four zero-day vulnerabilities, including two under active attack, plus another eight flaws judged to be at high risk of attack. In all, the Patch Tues ... Read more

• The Cyber Express

Apple has issued emergency updates to fix a critical security flaw that is actively being exploited in iOS and iPadOS. On February 10, the tech giant released out-of-band security patches to address a ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of a critical vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability, identified as CV ... Read more

• The Cyber Express

The Indian Computer Emergency Response Team (CERT-In) has issued a vulnerability note (CIVN-2025-0016) highlighting a series of Mozilla vulnerability, including Firefox and Thunderbird. These vulnerab ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog by adding several new vulnerabilities that have been actively exploit ... Read more

• The Hacker News

Vulnerability / Network Security As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase yea ... Read more

• The Cyber Express

A new set of critical vulnerabilities has been identified in Contec Health’s CMS8000 Patient Monitor, posing significant cybersecurity and patient safety risks. These vulnerabilities, which have recei ... Read more

• The Cyber Express

As we step into 2025, the cybersecurity landscape is evolving at an unprecedented pace. The frequency of cyberattacks continues to rise, with organizations facing an average of 1,308 attacks per week ... Read more

• The Cyber Express

Cisco has issued a security advisory regarding a critical privilege escalation vulnerability found in Cisco Meeting Management. The vulnerability is tied to the REST API component of the platform, and ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have jointly issued a Cybersecurity Advisory to address the active exploitation of critical vu ... Read more

• The Cyber Express

Every day, hundreds of new Common Vulnerabilities and Exposures (CVEs) are published, many of which target critical systems that keep businesses and governments operational. For cybersecurity professi ... Read more

• The Cyber Express

Mozilla Firefox and Thunderbird users are facing a series of high-severity vulnerabilities that could leave systems open to exploitation. The Indian Computer Emergency Response Team (CERT-In) issued a ... Read more

• The Cyber Express

A security vulnerability has been identified in the CP Plus CP-XR-DE21-S Router, which could potentially expose sensitive user information and compromise system integrity. This CP Plus Router vulnerab ... Read more

• The Cyber Express

Yubico has released a security advisory, YSA-2025-01, which highlighted a vulnerability within the software module that supports two-factor authentication (2FA) for Linux and macOS platforms. This iss ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new tool aimed at strengthening the cybersecurity resilience of AI systems. The AI Cybersecurity Collaboration Playbook, deve ... Read more

• The Cyber Express

Microsoft’s Patch Tuesday update for January 2025 patches 159 vulnerabilities, including eight zero-days, three of which are being actively exploited. The Microsoft January 2025 Patch Tuesday release ... Read more

• Help Net Security

From zero-day exploits to weaknesses in widely used software and hardware, the vulnerabilities uncovered last year underscore threat actors’ tactics and the critical gaps in organizational defenses. T ... Read more

• The Cyber Express

Ivanti has released patches to address two significant vulnerabilities in its Ivanti Connect Secure, Policy Secure, and ZTA Gateways products. These Ivanti vulnerabilities, identified as CVE-2025-0282 ... Read more

• The Cyber Express

The BayMark Health Services, Inc. has reported a data breach to the California Attorney General, revealing that an unauthorized party had accessed sensitive files within the company’s computer network ... Read more

• The Cyber Express

The rise of cyberattacks has changed the dynamics of global industries, with cybercriminals increasingly targeting sectors that hold vast amounts of sensitive data, financial resources, or critical in ... Read more

• The Cyber Express

Cybersecurity professionals are the frontline warriors combating hackers, hacktivists, and ransomware groups. To fight with these cyber criminals, the world needs cybersecurity expertise who can acces ... Read more

• The Cyber Express

As the world welcomed the New Year, cybersecurity experts had little reason to celebrate. On January 1, 2025, the Indian Computer Emergency Response Team (CERT-In) issued a high-severity alert about a ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog by adding a newly discovered vulnerability in Palo Alto Networks’ PAN-OS vers ... Read more

• Darktrace

Explore how nation-state supply chain attacks like 3CX, NotPetya, and SolarWinds exploited trusted providers to cause global disruption, highlighting the urgent need for robust security measures.In re ... Read more

• The Cyber Express

In 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) continued to build on its critical cybersecurity initiative by expanding its Known Exploited Vulnerabilities (KEV) catalog. Th ... Read more

• The Cyber Express

The Cyber Security Agency of Singapore has issued a warning about several critical vulnerabilities found in Apache software products. The Apache Software Foundation has rolled out security patches add ... Read more

• Dark Reading

In 2024, we at Dark Reading covered a variety of attacks, exploits, and, of course, vulnerabilities across the board. Here, we recount 10 emerging threats organizations should be prepared for — as det ... Read more

• The Cyber Express

Adobe has issued an urgent security advisory to address a critical vulnerability in Adobe ColdFusion, affecting versions 2023 and 2021. This vulnerability, tracked as CVE-2024-53961, is linked to a pa ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new vulnerability, CVE-2021-44207, to its Known Exploited Vulnerabilities (KEV) Catalog. This action follows ... Read more

• The Cyber Express

The latest Sensor Intelligence Report from Cyble, dated December 4–10, 2024, sheds light on a troubling increase in cyber threats, including malware intrusions, phishing scams, and attacks targeting v ... Read more

• The Cyber Express

Microsoft’s December Patch Tuesday update, the last one of 2024, addresses a massive number of vulnerabilities, including 71 newly identified flaws across various products. As part of the regular Dece ... Read more

• The Cyber Express

Cyble researchers have detected a new campaign targeting Russia by the hacktivist group Head Mare that uses a disguised LNK file to hide an executable. The campaign is also noteworthy for its ability ... Read more

• The Cyber Express

QNAP NAS systems, widely regarded for their reliability in personal and enterprise data storage, have recently come under scrutiny due to multiple critical vulnerabilities. These QNAP NAS vulnerabilit ... Read more

• The Cyber Express

A critical vulnerability, identified as CVE-2024-11205, was discovered in the WPForms plugin, a popular WordPress form builder used by over 6 million active websites. This vulnerability, which has bee ... Read more

• The Cyber Express

The Indian Computer Emergency Response Team (CERT-In), the national nodal agency for responding to cybersecurity threats, has issued a vulnerability note (CIVN-2024-0355) highlighting an information d ... Read more

• The Cyber Express

Veeam has published a critical advisory regarding severe vulnerabilities affecting its Veeam Service Provider Console (VSPC), particularly impacting version 8.1.0.21377 and earlier builds from version ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) Catalog, adding three critical vulnerabilities that are being actively exploited ... Read more

• Darktrace

Introduction: Nation state attacks on supply chainsIn recent years, supply chain attacks have surged in both frequency and sophistication, evolving into one of the most severe threats to organizations ... Read more

• The Cyber Express

A recent Cyble ICS vulnerabilities report sheds light on several critical vulnerabilities in industrial control systems (ICS) from major vendors including Schneider Electric, mySCADA, and Automated Lo ... Read more

• The Cyber Express

Zyxel Firewalls have become a key target in recent cyberattacks, with attackers exploiting a critical vulnerability to deploy the dangerous Helldown ransomware. The German CERT (CERT-Bund) has issued ... Read more

• The Cyber Express

The Australian government has passed the new Cyber Security Act, which was recently approved by Parliament. One of the most critical provisions of this new law mandates that organizations must report ... Read more

• The Cyber Express

Oracle’s Agile Product Lifecycle Management (PLM) software has been flagged for a security vulnerability (CVE-2024-21287) by CERT-In (Computer Emergency Response Team – India). The vulnerability, cata ... Read more

• The Cyber Express

A Russia-aligned hacking group, known as RomCom (also identified as Storm-0978, Tropical Scorpius, or UNC2596), has successfully exploited two zero-day vulnerabilities—one in Mozilla Firefox and anoth ... Read more

• The Cyber Express

Artificial Intelligence (AI) has become a critical enabler across sectors, reshaping industries from healthcare to transportation. However, with its transformative potential comes a spectrum of safety ... Read more

• The Cyber Express

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a critical security flaw, CVE-2023-28461, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability i ... Read more

• The Cyber Express

Apple recently rolled out a security update that addresses critical vulnerabilities in multiple Apple devices. Released on November 19, the Apple security update impacts various platforms, including i ... Read more

• The Cyber Express

An alarming set of chained vulnerabilities in Palo Alto Networks’ PAN-OS software has sparked concerns that attackers could seize administrator privileges through an authentication bypass. The first v ... Read more

• TheCyberThrone

In a joint cybersecurity advisory, the security agencies across the world have identified the most exploited vulnerabilities of 2023. This advisory, coauthored by the Cybersecurity and Infrastructure ... Read more

• The Cyber Express

The Computer Emergency Response Team of India (CERT-In) has issued a high-severity alert regarding a newly identified vulnerability in Cisco’s Enterprise Chat and Email (ECE) platform. Tagged as CERT- ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) has recently issued a series of security advisories, shedding light on several critical vulnerabilities affecting Industrial Control Systems ... Read more

• The Register

The cyber security agencies of the UK, US, Canada, Australia, and New Zealand have issued their annual list of the 15 most exploited vulnerabilities, and warned that attacks on zero-day exploits have ... Read more

• Help Net Security

A joint report by leading cybersecurity agencies from the U.S., UK, Canada, Australia, and New Zealand has identified the most commonly exploited vulnerabilities of 2023. Zero-day vulnerabilities on t ... Read more

• Cybersecurity News

In a joint cybersecurity advisory, the top cybersecurity agencies from the United States, Australia, Canada, New Zealand, and the United Kingdom have identified the most exploited vulnerabilities of 2 ... Read more

• AttackIQ

On November 12, 2024, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) released a Cybersecurity Advisory (CSA) providing details on the Common Vulnerabilities and Exposures (CVEs) routin ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of their active ... Read more

• The Cyber Express

The FBI, NSA, and allied agencies within the Five Eyes intelligence network have published a list of the 15 most exploited vulnerabilities from 2023. The cybersecurity advisory, a collaborative effort ... Read more

• The Cyber Express

Microsoft rolled out its monthly security updates as part of the Microsoft November 2024 Patch Tuesday cycle. The company addressed a total of 91 vulnerabilities, with four of them being classified as ... Read more

• BleepingComputer

​The FBI, the NSA, and cybersecurity authorities of the Five Eyes intelligence alliance have released today a list of the top 15 routinely exploited vulnerabilities throughout last year. A joint advis ... Read more

• security.nl

De Amerikaanse autoriteiten hebben samen met cyberagentschappen uit Australië, Canada, Nieuw-Zeeland en het Verenigd Koninkrijk een overzicht van de meest misbruikte kwetsbaarheden in 2023 opgesteld. ... Read more

• The Cyber Express

Hewlett Packard Enterprise (HPE) has issued critical security patches to address several vulnerabilities affecting its Aruba Networking Access Point products. These vulnerabilities (CVE-2024-42509 and ... Read more

• The Cyber Express

The Indian Computer Emergency Response Team (CERT-In) has issued a warning about newly discovered vulnerabilities in Google Chrome that could pose significant risks to users. These vulnerabilities, id ... Read more

• The Cyber Express

A newly discovered vulnerability in the WPLMS WordPress theme threatens websites with potential Remote Code Execution (RCE) due to a critical path traversal flaw. CVE-2024-10470, a vulnerability in th ... Read more

• The Cyber Express

A severe security flaw in outdated D-Link network-attached storage (NAS) devices leaves over 61,000 units exposed online with no patches. Researchers have identified a command injection vulnerability ... Read more

• The Cyber Express

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued multiple advisories alerting the public to critical vulnerabilities affecting industrial control systems (ICS) equipment deploye ... Read more

• The Cyber Express

A missing authentication flaw in Palo Alto Networks’ Expedition tool now jeopardizes firewall configurations across sectors, with attackers actively exploiting this vulnerability in the wild. The U.S. ... Read more

• The Cyber Express

Cisco’s Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul (URWB) Access Points contain a severe vulnerability that potentially allows attackers to execute commands with root pr ... Read more

• The Cyber Express

In its November security update, Google has patched two critical Android zero-days actively exploited in targeted attacks, along with 49 additional vulnerabilities. Google flagged these zero-day flaws ... Read more

• The Cyber Express

Cyble Research & Intelligence Labs (CRIL) has released a new report focusing on critical Industrial Control System (ICS) vulnerabilities, with insights derived from recent advisories issued by the Cyb ... Read more

• The Cyber Express

The Cybersecurity and Infrastructure Security Agency (CISA) has added two newly discovered vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog following confirmed reports of active ex ... Read more

• Help Net Security

The open-source software (OSS) industry is developing the core software for the global infrastructure, to the point that even some proprietary software giants adopt Linux servers for their cloud servi ... Read more

• The Cyber Express

The ‘FortiJump’ vulnerability in Fortinet’s FortiManager management platform may not have been completely fixed by the company’s patch issued last month. A screen recording posted to X (formerly known ... Read more

• The Cyber Express

In the latest edition of Cyble’s weekly sensor intelligence report, cybersecurity experts revealed a concerning surge in attacks targeting the LightSpeed Cache and GutenKit WordPress plugins. As the r ... Read more

• The Cyber Express

Cyble Research and Intelligence Labs (CRIL) has identified new IT vulnerabilities affecting Fortinet, SonicWall, Grafana Labs, and CyberPanel, among others. The report for the week of October 23-29 hi ... Read more