flaws

  • Blog
    digitpatrox6 days ago
    30

    For June’s Patch Tuesday, 68 fixes — and two zero-day flaws

    Microsoft offered up a fairly light Patch Tuesday release this month, with 68 patches to Microsoft Windows and Microsoft Office. There were no updates for Exchange or SQL server and just two minor patches for Microsoft Edge. That said, two zero-day vulnerabilities (CVE-2025-33073 and CVE-2025-33053) have led to a “Patch Now” recommendation for both Windows and Office. (Developers can follow their usual…

    Read More »
  • Blog
    digitpatrox1 week ago
    39

    Ivanti Workspace Control hardcoded key flaws expose SQL credentials

    Ivanti has released security updates to fix three high-severity hardcoded key vulnerabilities in the company’s Workspace Control (IWC) solution. IWC helps enterprise admins manage desktops and applications, acting as an intermediary between the operating system and users and regulating access and workspace configuration. It provides centralized control over user workspaces and dynamically configures desktops, applications, and user settings based on…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    53

    Critical Fortinet flaws now exploited in Qilin ransomware attacks

    The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. Qilin (also tracked as Phantom Mantis) surfaced in August 2022 as a Ransomware-as-a-Service (RaaS) operation under the “Agenda” name and has since claimed responsibility for over 310 victims on its dark web leak site. Its victim…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    42

    Cisco warns of ISE and CCP flaws with public exploit code

    Cisco has released patches to address three vulnerabilities with public exploit code in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) solutions. The most severe of the three is a critical static credential vulnerability tracked as CVE-2025-20286, found by GMO Cybersecurity’s Kentaro Kawane in Cisco ISE. This identity-based policy enforcement software provides endpoint access control and network device…

    Read More »
  • Blog
    digitpatroxApril 29, 2025
    80

    CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks

    The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients vulnerabilities that are actively exploited in attacks. The flaws were added yesterday to CISA’s ‘Known Exploited Vulnerabilities’ (KEV) catalog, with the Broadcom Brocade Fabric OS and Commvault flaws not previously tagged as exploited. Broadcom Brocade Fabric OS…

    Read More »
  • Blog
    digitpatroxApril 1, 2025
    106

    Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders

    Microsoft used its AI-powered Security Copilot to discover 20 previously unknown vulnerabilities in the GRUB2, U-Boot, and Barebox open-source bootloaders. GRUB2 (GRand Unified Bootloader) is the default boot loader for most Linux distributions, including Ubuntu, while U-Boot and Barebox are commonly used in embedded and IoT devices. Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer overflows in filesystem parsers, command…

    Read More »
  • Blog
    digitpatroxApril 1, 2025
    96

    Red teaming comes to the fore as developers tackle AI application flaws

    Only a third of organizations employ adequate testing practices in AI application development, according to new research, prompting calls for increased red teaming to reduce risks. Analysis from Applause found 70% of developers are currently developing AI applications and features, with over half (55%) highlighting chatbots and customer support tools as their primary focus at present. Yet despite an acceleration…

    Read More »
  • Blog
    digitpatroxMarch 21, 2025
    105

    Critical Cisco Smart Licensing Utility flaws now exploited in attacks

    Attackers have started targeting Cisco Smart Licensing Utility (CSLU) instances unpatched against a vulnerability exposing a built-in backdoor admin account. The CSLU Windows application allows admins to manage licenses and linked products on-premises without connecting them to Cisco’s cloud-based Smart Software Manager solution. Cisco patched this security flaw (tracked as CVE-2024-20439) in September, describing it as “an undocumented static user…

    Read More »
  • Blog
    digitpatroxMarch 14, 2025
    112

    New SuperBlack ransomware exploits Fortinet auth bypass flaws

    A new ransomware operator named ‘Mora_001’ is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack. The two vulnerabilities, both authentication bypasses, are CVE-2024-55591 and CVE-2025-24472, which Fortinet disclosed in January and February, respectively. When Fortinet first disclosed CVE-2024-55591 on January 14, they confirmed it had been exploited as a zero-day, with Arctic…

    Read More »
  • Blog
    digitpatroxFebruary 20, 2025
    116

    Flaws in a popular dev library could let hackers run malicious code in your MongoDB database

    A researcher has uncovered two related vulnerabilities in a popular developer library used to connect applications and MongoDB that could allow hackers to sneak into your database. Mongoose is an object data modeling (ODM) library for MongDB that connects it to the Node.js runtime environment, essentially simplifying interactions between applications and MongoDB databases The flaws were discovered by Dat Phung,…

    Read More »
Load More
Back to top button
close