• tripwire.com

Tripwire's January 2025 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.First on the list are patches for the Microsoft office platform, including Word, Access, Visi ... Read more

• TheCyberThrone

CVE-2024-53691 is a severe remote code execution (RCE) vulnerability discovered in QNAP NAS devices. Recently, security researcher c411e released a Proof-of-Concept (PoC) exploit code, underscoring th ... Read more

• Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Attackers are encrypting AWS S3 data without using ransomware A ransomware gang dubbed Codefinger is e ... Read more

• TheCyberThrone

Background:CVE-2025-0107 is a critical OS command injection vulnerability discovered in Palo Alto Networks’ Expedition Tool, version 1.2.101 and earlier. Recently, security researchers released a Proo ... Read more

• TheCyberThrone

CVE-2024-7344 is a critical vulnerability affecting UEFI-based systems. It was discovered by researchers at ESET and involves a bypass of the UEFI Secure Boot mechanism, allowing untrusted code to run ... Read more

• BleepingComputer

A new UEFI Secure Boot bypass vulnerability tracked as CVE-2024-7344 that affects a Microsoft-signed application could be exploited to deploy bootkits even if Secure Boot protection is active. The vul ... Read more

• Help Net Security

If you’re an organization using SimpleHelp for your remote IT support/access needs, you should update or patch your server installation without delay, to fix security vulnerabilities that may be explo ... Read more

• Ars Technica

For the past seven months—and likely longer—an industry-wide standard that protects Windows devices from firmware infections could be bypassed using a simple technique. On Tuesday, Microsoft finally p ... Read more

• The Hacker News

Vulnerability / Cybersecurity Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) sys ... Read more

• security.nl

Een kwetsbaarheid in een bootloader-applicatie maakt het mogelijk voor aanvallers om UEFI Secure Boot te omzeilen en zo het systeem te compromitteren. Het probleem is inmiddels door de betrokken lever ... Read more

• Dark Reading

Source: Ognyan Yosifov via Alamy Stock PhotoA vulnerability in trusted system recovery programs could allow privileged attackers to inject malware directly into the system startup process in Unified E ... Read more

• Help Net Security

ESET researchers have identified a vulnerability (CVE-2024-7344) impacting most UEFI-based systems, which allows attackers to bypass UEFI Secure Boot. The issue was found in a UEFI application signed ... Read more

• Cybersecurity News

A recent report from Infoblox Threat Intel highlights a sophisticated botnet operation leveraging a simple DNS misconfiguration to distribute malware on a massive scale. This botnet, built on approxim ... Read more

• The Hacker News

Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. O ... Read more

• tripwire.com

Today’s VERT Alert addresses Microsoft’s January 2025 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1139 as soon as coverage is completed.In ... Read more

• BleepingComputer

Today is Microsoft's January 2025 Patch Tuesday, which includes security updates for 159 flaws, including eight zero-day vulnerabilities, with three actively exploited in attacks.This Patch Tuesday al ... Read more