• TheCyberThrone

CVE-2025-49763 is a denial-of-service (DoS) vulnerability found in Apache Traffic Server (ATS), specifically within its Edge Side Includes (ESI) plugin. The flaw stems from insufficient restrictions o ... Read more

• TheCyberThrone

Welcome to TheCyberThrone cybersecurity month in review will be posted covering the important security happenings . This review is for the month ending February 2025Subscribers favorite #1CVE-2025-109 ... Read more

• The Hacker News

Patch Tuesday / Vulnerability Microsoft on Tuesday released fixes for 63 security flaws impacting its software products, including two vulnerabilities that it said has come under active exploitation i ... Read more

• krebsonsecurity.com

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited. All ... Read more

• Help Net Security

February 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 56 vulnerabilities, including two zero-days – CVE-2025-21418 and CVE-2025-21391 – under active exploitation. CVE-2025-21418 a ... Read more

• TheCyberThrone

The Contec CM8000 patient monitor has been identified as having critical vulnerabilities, specifically backdoor functionalities, which pose significant risks to patient safety and data privacy. Here i ... Read more

• TheCyberThrone

Welcome to TheCyberThrone  cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, February 01, 2025.Cyber Incidents at Tat ... Read more

• TheCyberThrone

Welcome to TheCyberThrone cybersecurity month in review will be posted covering the important security happenings . This review is for the month ending January 2025Subscribers favorite #1Exploit Code ... Read more

• TheCyberThrone

BackgroundCVE-2024-53299 is a significant security vulnerability identified in Apache Wicket, specifically impacting versions prior to 9.19.0 and 10.3.0. This vulnerability allows attackers to initiat ... Read more

• TheCyberThrone

Welcome to TheCyberThrone. Cybersecurity week in review will be posted covering the important security happenings. This review is for the bi-weekly ending on Saturday, January 25, 2025.CVE-2025-0411 i ... Read more

• TheCyberThrone

CVE-2024-53691 is a severe remote code execution (RCE) vulnerability discovered in QNAP NAS devices. Recently, security researcher c411e released a Proof-of-Concept (PoC) exploit code, underscoring th ... Read more

• TheCyberThrone

CVE-2025-23082 is a high-severity security vulnerability identified in Veeam Backup for Microsoft Azure, a solution designed to protect workloads running in Microsoft’s Azure cloud environment. This v ... Read more

• TheCyberThrone

OverviewCVE-2024-54498 is a critical vulnerability affecting macOS systems, specifically those running versions prior to 2.6.11. This vulnerability, discovered by security researcher @wh1te4ever, invo ... Read more

• TheCyberThrone

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, January 11, 2025.Redis was affected by CV ... Read more

• TheCyberThrone

CVE-2024-49415 is a critical vulnerability found in Samsung devices running Android versions 12, 13, and 14. This vulnerability was discovered by researchers from Google Project Zero, a team dedicated ... Read more

• TheCyberThrone

CVE-2024-53704 is a high-severity vulnerability impacting SonicWall’s SSLVPN authentication mechanism. This flaw, with a CVSS score of 8.2, allows remote attackers to bypass authentication and gain un ... Read more

• TheCyberThrone

OverviewCVE-2024-12847 is a critical security vulnerability affecting certain models of NETGEAR routers, notably the DGN1000 and DGN2200 v1. This vulnerability has been assigned a CVSS score of 9.8, r ... Read more

• TheCyberThrone

OverviewCVE-2025-0282 is a critical stack-based buffer overflow vulnerability. It impacts Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for Zero Trust Access (ZTA) gateways. This vul ... Read more

• Cybersecurity News

TRAC Labs has released an in-depth report on LegionLoader, a sophisticated downloader malware that has evolved significantly since its initial appearance in 2019. The malware, also tracked as Satacom, ... Read more

• TheCyberThrone

In 2024, Microsoft’s Patch Tuesday updates played a critical role in addressing security vulnerabilities across various platforms. Throughout the year, a total of 1,000+ vulnerabilities were patched, ... Read more

• Cybersecurity News

Cybercriminals are increasingly weaponizing cracked versions of legitimate vulnerability scanning tools, like the Araneida Scanner, for malicious activities, according to Silent Push Threat Analysts. ... Read more

• TheCyberThrone

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the weeks ending Saturday, November 30, 2024.Jenkins fixes multiple ... Read more

• The Hacker News

Cyber Threats / Weekly Recap This week's cyber world is like a big spy movie. Hackers are breaking into other hackers' setups, sneaky malware is hiding in popular software, and AI-powered scams are tr ... Read more

• TheCyberThrone

A critical use-after-free vulnerability, tracked as CVE-2024-38193 with a CVSS score of 7.8, has been discovered in the afd.sys Windows driver that allows attackers to escalate privileges and execute ... Read more

• Cybersecurity News

A critical use-after-free vulnerability, identified as CVE-2024-38193, has been discovered in the afd.sys Windows driver. This vulnerability, with a CVSS score of 7.8, poses a significant threat to Wi ... Read more

• TheCyberThrone

The Django team has released Django 5.1.4, Django 5.0.10, and Django 4.2.17 versions to address two security vulnerabilities.The first vulnerability tracked as CVE-2024-53907 with a CVSS score of 7.5 ... Read more

• Cybersecurity News

Marko Polo infection chain (Source: Recorded Future)Researchers at Recorded Future have uncovered a large-scale cyberattack affecting tens of thousands of devices worldwide. It was later revealed that ... Read more

• Cybersecurity News

Attacker commands enumerating machine details | Image: HuntressRecently, the cybersecurity company Huntress reported a new wave of cyberattacks targeting the widely-used Foundation Accounting Software ... Read more

• Cybersecurity News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning, adding two actively exploited security flaws to its Known Exploited Vulnerabilities (KEV) catalog, urging immedia ... Read more

• Cybersecurity News

Researchers at Cado Security Labs have uncovered two malicious campaigns that exploit misconfigured instances of Selenium Grid. Once a trusted tool for browser automation and testing, Selenium Grid ha ... Read more

• crowdstrike.com

Microsoft has released security updates for 79 vulnerabilities in its September 2024 Patch Tuesday rollout. These include four actively exploited zero-days (CVE-2024-38014, CVE-2024-38217, CVE-2024-38 ... Read more

• Cybersecurity News

The JFrog security research team has uncovered a novel PyPI package hijacking method known as “Revival Hijack,” which has put over 22,000 packages at risk of exploitation. Unlike traditional typosquat ... Read more

• Cybersecurity News

Please enable JavaScriptThe FBI has warned sternly about North Korean state-sponsored hackers employing highly sophisticated social engineering tactics to infiltrate decentralized finance (DeFi) and c ... Read more

• Cybersecurity News

Access to the API without the need for any authentication | Image: Legit SecurityA new report released by Legit Security has raised significant concerns about the security posture of publicly accessib ... Read more

• tripwire.com

Tripwire's August 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Adobe and Google.First on the list are patches for Microsoft Edge and Google Chromium that re ... Read more

• The Hacker News

Rootkit / Threat Intelligence A recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North Korean actors in a campaign designed to deliver the ... Read more

• BleepingComputer

North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit after gaining SYSTEM privileges using a Windows Kernel exploit. "We assess ... Read more

• Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: PostgreSQL databases under attack Poorly protected PostgreSQL databases running on Linux machines are ... Read more

• SentinelOne

The Good | Global Authorities Arrest Multi-Million Dollar Crypto Thieves & Charge An Extortion Gang Member Plenty of good news this week as global law enforcement efforts rounded up suspects behind a ... Read more

• SentinelOne

The Good | Global Authorities Arrest Multi-Million Dollar Crypto Thieves & Charge An Extortion Gang Member Plenty of good news this week as global law enforcement efforts rounded up suspects behind a ... Read more

• Cybersecurity News

Despite its discovery over two years ago, the Log4j vulnerability, known as Log4Shell (CVE-2021-44228), continues to pose a significant threat to global cybersecurity. A recent report from Datadog Sec ... Read more

• TheCyberThrone

During this month patch Tuesday, microsoft addressed nearly 90 flaws, some of which have already been exploited by hackers.One specific vulnerability, CVE-2024-38193 with a CVSS score of 7.8, is a  Br ... Read more

• Help Net Security

CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ computers, Gen Digital researchers ... Read more

• TheCyberThrone

F5 has recently released security advisories addressing vulnerabilities in its products. These vulnerabilities, if exploited, could lead to denial-of-service (DoS) attacks and unauthorized access, dis ... Read more

• security.nl

Aanvallers hebben sinds juni een kwetsbaarheid in Windows gebruikt voor de installatie van een rootkit, zo stelt securitybedrijf Gen Digital. Microsoft rolde vorige week dinsdag een beveiligingsupdate ... Read more

• Cybersecurity News

Last week, Microsoft addressed multiple high-severity security vulnerabilities in its security updates, some of which have already been exploited by hackers. For instance, the CVE-2024-38193 (CVSS 7.8 ... Read more

• BleepingComputer

Image: Midjourney The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. ... Read more

• Ars Technica

LAZARUS STRIKES AGAIN — FudModule rootkit burrows deep into Windows, where it can bypass key security defenses. Getty Images A Windows zero-day vulnerability recently patched by Microsoft was explo ... Read more

• The Hacker News

A newly patched security flaw in Microsoft Windows was exploited as a zero-day by Lazarus Group, a prolific state-sponsored actor affiliated with North Korea. The security vulnerability, tracked as CV ... Read more

• Cyber Security News

Security researchers at Avast have uncovered evidence that the notorious North Korean hacker group Lazarus exploited a previously unknown zero-day vulnerability in the Windows AFD.sys driver to gain k ... Read more

• crowdstrike.com

Microsoft has released security updates for 85 vulnerabilities in its August 2024 Patch Tuesday rollout. These include six actively exploited zero-days (CVE-2024-38213, CVE-2024-38193, CVE-2024-38189, ... Read more

• security.nl

Tijdens de patchdinsdag van augustus heeft Microsoft zes kwetsbaarheden in Office en Windows verholpen die actief zijn misbruikt voordat de updates beschikbaar waren. Drie van de beveiligingslekken ma ... Read more

• The Hacker News

Windows Security / Vulnerability Microsoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation in the wild. Of th ... Read more

• TheCyberThrone

The US CISA adds 6 Microsoft vulnerabilities to its Known Exploited Vulnerabilities Catalog that is released as part of patch Tuesday, August 2024.CVE-2024-38189 – Microsoft Project Remote Code Execut ... Read more

• TheCyberThrone

Microsoft patched 90 CVEs in its August 2024 Patch Tuesday release, with seven rated critical, 82 rated as important, and one rated as moderate.This includes updates for vulnerabilities in Microsoft O ... Read more

• Cybersecurity News

Microsoft’s August 2024 Patch Tuesday release addresses 88 vulnerabilities, including seven critical flaws and 10 zero-day vulnerabilities. Among these, six are currently being actively exploited in t ... Read more

• Cyber Security News

Microsoft has released its August 2024 Patch Tuesday update to address 90 security vulnerabilities. The update includes fixes for six zero-day flaws actively exploited across various products and serv ... Read more

• The Register

Patch Tuesday Microsoft has disclosed 90 flaws in its products – six of which have already been exploited – and four others that are listed as publicly known. There's another dozen in the list from th ... Read more

• krebsonsecurity.com

Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attac ... Read more

• tripwire.com

Today’s VERT Alert addresses Microsoft’s August 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1119 as soon as coverage is completed.CVE ... Read more

• Dark Reading

Source: CC Photo Labs via ShutterstockAttackers are actively exploiting as many as six of the 90 vulnerabilities that Microsoft disclosed in its security update for August, making them a top priority ... Read more

• Help Net Security

August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under ... Read more

• BleepingComputer

Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an ... Read more