Actively Exploited Bugs

CISA Says NAKIVO Backup Flaw is Actively Exploited in Attacks
CISA warns of a critical NAKIVO backup flaw, CVE-2024-48248, allowing unauthorized file access, urging organizations to patch systems promptly.
WordPress Plugin WP Ghost Vulnerable to Critical Remote Code Execution Bug
Critical remote code execution vulnerability in WordPress plugin WP Ghost allows attackers to hijack servers. Urgent updates are required.
Critical Cisco Smart Licensing Utility Flaws Exploited in Attacks
Cisco's Smart Licensing Utility vulnerabilities CVE-2024-20439 and CVE-2024-20440 are now exploited, allowing unauthorized access through a backdoor admin account.
Critical MegaRAC Bug Lets Attackers Hijack and Brick Servers
AMI MegaRAC BMC vulnerability (CVE-2024-54085) lets attackers remotely hijack and brick servers, impacting numerous vendors and potentially causing significant damage.
Veeam Backup & Replication Flaw Allows Remote Execution of Malicious Code
A critical vulnerability in Veeam Backup & Replication allows remote code execution, affecting various versions and posing significant security risks.
11 State-Sponsored Hacking Groups Exploit Windows Zero-Day Exploit
A critical Windows zero-day exploit, ZDI-CAN-25373, has been exploited by 11 state-sponsored hacking groups since 2017, enabling data theft and espionage. Microsoft initially declined to ...
Critical Apache Tomcat Flaw Actively Exploited in Attacks
Critical Apache Tomcat RCE vulnerability (CVE-2025-24813) is actively exploited, allowing attackers to take control of servers via simple PUT requests. Immediate patching is crucial.
Critical FreeType Vulnerability Exploited in Attacks: Urgent Update Required
Facebook disclosed a critical FreeType vulnerability (CVE-2025-27363), allowing arbitrary code execution. All versions up to 2.13 are affected; immediate updates are crucial.
LockBit Linked SuperBlack Ransomware Exploits Fortinet Authentication Bypass Flaws
New SuperBlack ransomware leverages Fortinet authentication bypass flaws (CVE-2024-55591 and CVE-2025-24472), showing strong ties to LockBit. Immediate patching is crucial.
Cisco Warns of BroadWorks Flaw Exposing Credentials
Cisco warns of a BroadWorks flaw that could allow unauthenticated attackers to access sensitive credentials. Users are advised to implement security measures.