Cisco Warns of BroadWorks Flaw Exposing Credentials
March 6, 2025
Cisco warns of a BroadWorks flaw that could allow unauthenticated attackers to access sensitive credentials. Users are advised to implement
Actively Exploited Bugs
Cisco Warns of BroadWorks Flaw Exposing Credentials
Cisco warns of a BroadWorks flaw that could allow unauthenticated attackers to access sensitive credentials. Users are advised to implement security measures.
Broadcom Fixes Three VMware Zero-Days Exploited in Attacks
Broadcom fixes three critical VMware zero-days exploited in attacks, enabling attackers to escape virtual machine sandboxes. Immediate patching is advised.
ClickFix Attack Deploys Havoc C2 via Microsoft SharePoint
A new ClickFix attack is exploiting Microsoft SharePoint to deploy the Havoc framework, tricking users into running malicious PowerShell commands.
CISA Tags Windows and Cisco Vulnerabilities as Actively Exploited
CISA warns that critical vulnerabilities in Cisco and Windows systems are actively exploited, urging federal agencies to secure networks by March 23, 2025.
Ransomware Groups Use BYOVD Attacks Exploiting Paragon Partition Manager Bug
Critical Paragon Partition Manager vulnerabilities are being exploited in BYOVD attacks, allowing ransomware gangs SYSTEM-level access and execution of malicious code. Urgent patching is advised. ...
CISA Warns of Craft CMS Code Injection Flaw
CISA warns of an actively exploited Craft CMS code injection flaw (CVE-2025-23209), urging users to upgrade to patched versions 5.5.8 and 4.13.8 or later.
OpenSSH Flaws Expose SSH Servers to Critical DoS Attacks and MiTM Vulnerabilities
Critical OpenSSH vulnerabilities enable devastating DoS attacks and sophisticated MiTM attacks on SSH servers. Immediate updates are crucial to prevent data breaches and service disruptions.
North Korean Hackers Leverage PowerShell Exploit in Sophisticated Cyber Attack
North Korean hackers use a PowerShell exploit in a new cyberattack, tricking victims into installing malware. A related scheme involved a woman facilitating North Korean ...
Critical Windows Zero-Day Vulnerabilities Actively Exploited: CISA Issues Warning to ‘Test and deploy quickly’
Critical Windows zero-days (CVE-2025-21418, CVE-2025-21391) are actively exploited. CISA urges immediate patching to prevent data loss and system compromise. Federal agencies have until March 4th.
Apple CPU Side-Channel Attacks (SLAP & FLOP) Threaten Safari Browser Security
New Apple CPU side-channel attacks, dubbed SLAP and FLOP, exploit flaws in speculative execution to steal data from web browsers. Researchers demonstrated the attacks' ability ...
Broadcom Fixes Three VMware Zero-Days Exploited in Attacks
March 6, 2025
Broadcom fixes three critical VMware zero-days exploited in attacks, enabling attackers to escape virtual machine sandboxes. Immediate patching is advised.
ClickFix Attack Deploys Havoc C2 via Microsoft SharePoint
March 4, 2025
A new ClickFix attack is exploiting Microsoft SharePoint to deploy the Havoc framework, tricking users into running malicious PowerShell commands.
CISA Tags Windows and Cisco Vulnerabilities as Actively Exploited
March 4, 2025
CISA warns that critical vulnerabilities in Cisco and Windows systems are actively exploited, urging federal agencies to secure networks by
Ransomware Groups Use BYOVD Attacks Exploiting Paragon Partition Manager Bug
March 3, 2025
Critical Paragon Partition Manager vulnerabilities are being exploited in BYOVD attacks, allowing ransomware gangs SYSTEM-level access and execution of malicious
CISA Warns of Craft CMS Code Injection Flaw
February 24, 2025
CISA warns of an actively exploited Craft CMS code injection flaw (CVE-2025-23209), urging users to upgrade to patched versions 5.5.8
OpenSSH Flaws Expose SSH Servers to Critical DoS Attacks and MiTM Vulnerabilities
February 19, 2025
Critical OpenSSH vulnerabilities enable devastating DoS attacks and sophisticated MiTM attacks on SSH servers. Immediate updates are crucial to prevent
North Korean Hackers Leverage PowerShell Exploit in Sophisticated Cyber Attack
February 12, 2025
North Korean hackers use a PowerShell exploit in a new cyberattack, tricking victims into installing malware. A related scheme involved
Critical Windows Zero-Day Vulnerabilities Actively Exploited: CISA Issues Warning to ‘Test and deploy quickly’
February 12, 2025
Critical Windows zero-days (CVE-2025-21418, CVE-2025-21391) are actively exploited. CISA urges immediate patching to prevent data loss and system compromise. Federal
Apple CPU Side-Channel Attacks (SLAP & FLOP) Threaten Safari Browser Security
January 29, 2025
New Apple CPU side-channel attacks, dubbed SLAP and FLOP, exploit flaws in speculative execution to steal data from web browsers.
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.