Apple CPU Side-Channel Attacks (SLAP & FLOP) Threaten Safari Browser Security
January 29, 2025
New Apple CPU side-channel attacks, dubbed SLAP and FLOP, exploit flaws in speculative execution to steal data from web browsers.
Actively Exploited Bugs
Apple CPU Side-Channel Attacks (SLAP & FLOP) Threaten Safari Browser Security
New Apple CPU side-channel attacks, dubbed SLAP and FLOP, exploit flaws in speculative execution to steal data from web browsers. Researchers demonstrated the attacks' ability ...
Windows BitLocker Vulnerability (CVE-2025-21210) Exploited in Randomization Attack
A critical Windows BitLocker vulnerability (CVE-2025-21210) allows attackers with physical access to bypass AES-XTS encryption, exposing sensitive data through a novel randomization attack.
Nuclei Vulnerability Allows Signature Bypass and Code Execution
Nuclei vulnerability (CVE-2024-43405) allows signature bypass and code execution due to inconsistencies in newline character handling between signature verification and YAML parsing. Update to version ...
Critical Remote Code Execution Flaw in Progress LoadMaster: A 10/10 Severity Vulnerability
This vulnerability, tracked as CVE-2024-7591, allows attackers to remotely execute commands on vulnerable devices, posing a significant risk to organizations relying on these products.
Ransomware Gangs Exploiting VMware ESXi Authentication Bypass Vulnerability in Widespread Attacks
Microsoft warns of active exploitation of CVE-2024-37085 flaw
Black Basta Ransomware May Have Exploited Windows Zero-Day Flaw
Analysis Suggests Black Basta Ransomware Group Used Unpatched Windows Vulnerability tracked as CVE-2024-26169 that impacts the Windows Error Reporting service.
RansomHub Ransomware Group Exploits ZeroLogon Vulnerability to Spread Malware
Security researchers have uncovered ransomware attacks conducted by the notorious RansomHub group leveraging the unpatched ZeroLogon vulnerability (CVE-2020-1472) to gain initial access to victim environments. ...
ArcaneDoor Hackers Exploit Cisco Zero-Days to Breach Government Networks
Cisco has warned of a sophisticated state-backed hacking group known as UAT4356 exploiting two zero-day vulnerabilities in Cisco firewall devices ...
Ivanti Issues Security Updates to Critical Flaws in Avalanche MDM Solution
Ivanti, a leading provider of mobile device management (MDM) solutions, has recently released security updates to address a total of ...
Critical Flaw in D-Link NAS Devices Under Active Exploitation
A Critical Flaw in D-Link NAS Devices is Under Active Exploitation in Over 92,000 Devices leaving them Vulnerable to Remote ...
Windows BitLocker Vulnerability (CVE-2025-21210) Exploited in Randomization Attack
January 21, 2025
A critical Windows BitLocker vulnerability (CVE-2025-21210) allows attackers with physical access to bypass AES-XTS encryption, exposing sensitive data through a
Nuclei Vulnerability Allows Signature Bypass and Code Execution
January 7, 2025
Nuclei vulnerability (CVE-2024-43405) allows signature bypass and code execution due to inconsistencies in newline character handling between signature verification and
Critical Remote Code Execution Flaw in Progress LoadMaster: A 10/10 Severity Vulnerability
September 9, 2024
This vulnerability, tracked as CVE-2024-7591, allows attackers to remotely execute commands on vulnerable devices, posing a significant risk to organizations
Ransomware Gangs Exploiting VMware ESXi Authentication Bypass Vulnerability in Widespread Attacks
July 30, 2024
Microsoft warns of active exploitation of CVE-2024-37085 flaw
Black Basta Ransomware May Have Exploited Windows Zero-Day Flaw
June 13, 2024
Analysis Suggests Black Basta Ransomware Group Used Unpatched Windows Vulnerability tracked as CVE-2024-26169 that impacts the Windows Error Reporting service.
RansomHub Ransomware Group Exploits ZeroLogon Vulnerability to Spread Malware
June 10, 2024
Security researchers have uncovered ransomware attacks conducted by the notorious RansomHub group leveraging the unpatched ZeroLogon vulnerability (CVE-2020-1472) to gain
ArcaneDoor Hackers Exploit Cisco Zero-Days to Breach Government Networks
April 25, 2024
Cisco has warned of a sophisticated state-backed hacking group known as UAT4356 exploiting two zero-day vulnerabilities in Cisco firewall devices
Ivanti Issues Security Updates to Critical Flaws in Avalanche MDM Solution
April 17, 2024
Ivanti, a leading provider of mobile device management (MDM) solutions, has recently released security updates to address a total of
Critical Flaw in D-Link NAS Devices Under Active Exploitation
April 14, 2024
A Critical Flaw in D-Link NAS Devices is Under Active Exploitation in Over 92,000 Devices leaving them Vulnerable to Remote
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.