• The Hacker News

Jul 17, 2025Ravie LakshmananCryptocurrency / Vulnerability Cybersecurity researchers have discovered a new campaign that exploits a known security flaw impacting Apache HTTP Server to deliver a cryp ... Read more

• Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) The suspected Chinese sta ... Read more

• BleepingComputer

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. The flaw is tracked as CVE-2025-23209 and is a high seve ... Read more

• Cyber Security News

Google’s Project Zero and Mandiant cybersecurity teams have jointly published a proof-of-concept (PoC) exploit for a high-severity command injection vulnerability in Palo Alto Networks’ PAN-OS OpenCon ... Read more

• Cybersecurity News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploit ... Read more

• Help Net Security

Apiiro security researchers have released open source tools that can help organizations detect malicious code as part of their software development lifecycle: PRevent (a scanner for pull requests), an ... Read more

• Dark Reading

Source: Chiew via ShutterstockAttackers are actively exploiting an authentication bypass flaw found in the Palo Alto Networks PAN-OS software that lets an unauthenticated attacker bypass authenticatio ... Read more

• security.nl

Aanvallers maken actief misbruik van drie kwetsbaarheden in firewalls van Palo Alto Networks om kwetsbare apparaten te compromitteren, zo laat de leverancier weten, die van de 'hoogste urgentie' spree ... Read more

• BleepingComputer

Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active att ... Read more

• Cyber Security News

Palo Alto Networks has issued urgent warnings as cybersecurity researchers observe threat actors exploiting a combination of vulnerabilities in PAN-OS, the operating system powering its next-generatio ... Read more

• security.nl

Onderzoekers hebben in firewalls van Palo Alto Networks meerdere kwetsbaarheden aangetroffen die al jaren oud en bekend zijn. Het gaat onder andere om een beveiligingslek in de Grub2-bootloader uit 20 ... Read more

• Help Net Security

CISA has added Mitel MiCollab (CVE-2024-41713, CVE-2024-55550) and Oracle WebLogic Server (CVE-2020-2883) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The Mitel MiCollab vulne ... Read more

• Cybersecurity News

Northwave Cyber Security has identified a sophisticated backdoor, LITTLELAMB.WOOLTEA, targeting Palo Alto Networks firewalls.The backdoor was uncovered during a forensic investigation into a compromis ... Read more

• TheCyberThrone

In 2024, the cybersecurity landscape saw a significant number of exploited vulnerabilities, highlighting the ongoing challenges organizations face in protecting their systems and data.Some key trends ... Read more

• Cybersecurity News

A newly discovered vulnerability in Apache Superset, a popular open-source business intelligence platform, could allow attackers to gain unauthorized write access to sensitive data. Tracked as CVE-202 ... Read more

• Cybersecurity News

Organizations using Cleo file transfer software are urged to take immediate action as a critical vulnerability, CVE-2024-50623, is being actively exploited in the wild. This zero-day flaw affects Cleo ... Read more

• Cybersecurity News

A critical vulnerability has been discovered in the Splunk Secure Gateway app that could allow a low-privileged user to execute arbitrary code on vulnerable systems. The vulnerability, identified as C ... Read more

• Darktrace

Darktrace’s Threat Research team investigated a major campaign exploiting vulnerabilities in Palo Alto firewall devices (CVE 2024-2012 and 2024-9474). Learn about the spike in post-exploitation activi ... Read more

• Cybersecurity News

SonicWall has issued a security advisory regarding several vulnerabilities impacting its SMA 100 series SSL-VPN products. These flaws range from path traversal issues inherited from Apache HTTP Server ... Read more

• TheCyberThrone

Welcome to TheCyberThrone most exploited vulnerabilities review. This review is for the month of November 2024CVE-2024-9463: Palo Alto OS Command InjectionCVSS 3.1 Score : 9.9 CISA KEV: YesThis vuln ... Read more

• Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 2,000 Palo Alto Networks devices compromised in latest attacks Attackers have compromised around 2,000 ... Read more

• TheCyberThrone

Researchers from Shadowserver have revealed that approximately 2,000 Palo Alto Networks firewalls have been compromised leavaraging recently discovered zeroday bugs. namely  CVE-2024-0012 and CVE-2024 ... Read more

• The Register

Thousands of Palo Alto Networks firewalls were compromised by attackers exploiting two recently patched security bugs. The intruders were able to deploy web-accessible backdoors to remotely control th ... Read more

• Hackread - Latest Cybersecurity, Tech, Crypto & Hacking News

The Shadowserver Foundation reports over 2,000 Palo Alto Networks firewalls have been hacked via two zero-day vulnerabilities: CVE-2024-0012 & CVE-2024-9474, enabling admin bypass and root access. Top ... Read more

• security.nl

Meer dan tweeduizend firewalls van Palo Alto Networks zijn via twee recente kwetsbaarheden geïnfecteerd met malware, zo stelt The Shadowserver Foundation op basis van eigen onderzoek. In Nederland gaa ... Read more

• Help Net Security

Threat actors are recruiting pen testers to test and improve the reliability of their ransomware for affiliate programs, according to Cato Networks. Any good developer knows that software needs to be ... Read more

• BleepingComputer

Hackers have already compromised thousands of Palo Alto Networks firewalls in attacks exploiting two recently patched zero-day vulnerabilities. The two security flaws are an authentication bypass (CVE ... Read more

• The Hacker News

Vulnerability / Cyber Attack As many as 2,000 Palo Alto Networks devices are estimated to have been compromised as part of a campaign abusing the newly disclosed security flaws that have come under ac ... Read more

• Cybersecurity News

Hunt researchers have discovered a novel deployment of XenoRAT, an open-source remote access tool (RAT), leveraging Excel XLL files and advanced obfuscation methods. Known for targeting gamers and pos ... Read more

• Help Net Security

Attackers have compromised around 2,000 Palo Alto Networks firewalls by leveraging the two recently patched zero-days (CVE-2024-0012 and CVE-2024-9474), Shadowserver Foundation’s internet-wide scannin ... Read more

• security.nl

Palo Alto Networks is bang dat een kritieke kwetsbaarheid in PAN-OS, het besturingssysteem dat op de firewalls van het securitybedrijf draait, op grotere schaal kan worden misbruikt nu exploitcode op ... Read more

• Cybersecurity News

Image: WatchtowrIn a recent analysis, security researcher Sonny from watchTowr unveiled the technical intricacies of two zero-day vulnerabilities affecting Palo Alto Networks’ Next-Generation Firewall ... Read more

• BleepingComputer

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progr ... Read more

• The Register

Palo Alto Networks (PAN) finally released a CVE identifier and patch for the zero-day exploit that caused such a fuss last week. The vendor dropped details of two vulnerabilities exploited as zero-day ... Read more

• Cybersecurity News

Critical flaws in widely-used networking and security products demand immediate attention from administrators.The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning a ... Read more

• TheCyberThrone

The U.S. CISA added the following vulnerabilities to its Known Exploited Vulnerabilities catalogCVE-2024-1212 with a CVSS score of 10 and CWE-78, is a Progress Kemp LoadMaster OS command injection iss ... Read more

• BleepingComputer

Palo Alto Networks has finally released security updates for two actively exploited zero-day vulnerabilities in its Next-Generation Firewalls (NGFW). The first flaw, tracked as CVE-2024-0012, is an au ... Read more

• The Cyber Express

An alarming set of chained vulnerabilities in Palo Alto Networks’ PAN-OS software has sparked concerns that attackers could seize administrator privileges through an authentication bypass. The first v ... Read more

• Cybersecurity News

Palo Alto Networks has issued critical advisories regarding two actively exploited vulnerabilities in their PAN-OS software, posing significant risks to organizations relying on the platform for netwo ... Read more

• Cybersecurity News

by do son · Published November 18, 2024 · Updated November 18, 2024 ... Read more

• Help Net Security

Palo Alto Networks has released fixes for two vulnerabilities (CVE-2024-0012 and CVE-2024-9474) in its next-generation firewalls that have been exploited by attackers as zero-days. About the vulnerabi ... Read more

• security.nl

Palo Alto Networks heeft twee actief aangevallen kwetsbaarheden in PAN-OS gedicht (CVE-2024-9474 en CVE-2024-0012) die worden gebruikt voor het aanvallen van firewalls. Vorige week waarschuwde het sec ... Read more