severity
-
Blog
Exploit details for max severity Cisco IOS XE flaw now public
Technical details about a maximum-severity Cisco IOS XE WLC arbitrary file upload flaw tracked as CVE-2025-20188 have been made publicly available, bringing us closer to a working exploit. The write-up by Horizon3 researchers does not contain a ‘ready-to-run’ proof of concept RCE exploit script, but it does provide enough information for a skilled attacker or even an LLM to fill…
Read More » -
Blog
Google fixes high severity Chrome flaw with public exploit
Google has released emergency security updates to patch a high-severity vulnerability in the Chrome web browser that could lead to full account takeover following successful exploitation. While it’s unclear if this security flaw has been used in attacks, the company warned that it has a public exploit, which is how it usually hints at active exploitation. “Google is aware of…
Read More » -
Blog
Cisco fixes max severity IOS XE flaw letting attackers hijack devices
Cisco has fixed a maximum severity flaw in IOS XE Software for Wireless LAN Controllers by a hard-coded JSON Web Token (JWT) that allows an unauthenticated remote attacker to take over devices. This token is meant to authenticate requests to a feature called ‘Out-of-Band AP Image Download.’ Since it’s hard-coded, anyone can impersonate an authorized user without credentials. The vulnerability is…
Read More » -
Blog
Max severity RCE flaw discovered in widely used Apache Parquet
A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0. The problem stems from the deserialization of untrusted data that could allow attackers with specially crafted Parquet files to gain control of target systems, exfiltrate or modify data, disrupt services, or introduce dangerous payloads such as ransomware. The…
Read More » -
Blog
Cyber Attack Severity Rating System Established in U.K.
A new rating system in the U.K. will classify the severity of cyberattacks on a scale from one to five, aiming to provide businesses and policymakers with more precise insights into the impact of cyber threats. The Cyber Monitoring Centre, an independent nonprofit organisation of industry experts, will assess incidents in real time and publish results for free. The system…
Read More » -
Blog
Ivanti warns of maximum severity CSA auth bypass vulnerability
Today, Ivanti warned customers about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution. The security flaw (tracked as CVE-2024-11639 and reported by CrowdStrike’s Advanced Research Team) enables remote attackers to gain administrative privileges on vulnerable appliances running Ivanti CSA 5.0.2 or earlier without requiring authentication or user interaction by circumventing authentication using an alternate path…
Read More » -
Blog
Progress Software discloses maximum severity LoadMaster flaw – here’s what you need to know
Progress Software has issued a public notice declaring it has fixed a maximum severity security vulnerability affecting its LoadMaster and LoadMaster Multi-Tenant hypervisor software. LoadMaster is Progress’ load balancer and application delivery controller (ADC), underpinning high availability, secure, and scalable business applications and websites. The Multi-Tenant hypervisor, meanwhile, is an iteration of the LoadMaster software that allows users to run…
Read More »