vulnerability

  • Blog

    Businesses are taking their eye off the ball with vulnerability patching

    Security leaders are overconfident in their organization’s security posture while allowing vulnerability patching to fall by the wayside, new research suggests. According to penetration testing firm Cobalt’s 2025 State of Pentesting Report, only 48% of exploitable vulnerabilities uncovered during penetration testing are fixed – although this increases to 69% for those that have a severity rating of high or…

    Read More »
  • Blog

    Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’

    Microsoft has detected a zero-day vulnerability in the Windows Common Log File System (CLFS) being exploited in the wild to deploy ransomware. Target industries include IT, real estate, finance, software, and retail, with companies based in the US, Spain, Venezuela, and Saudi Arabia. The vulnerability, tracked as CVE-2025-29824 and rated “important,” is present in the CLFS kernel…

    Read More »
  • Blog

    Apple Passwords App Vulnerability Exposed Users for Months

    Apple’s Passwords app, designed to enhance security for iOS users, ironically left them vulnerable to phishing attacks for nearly three months. Security researchers recently revealed that the flaw exposed sensitive information, raising concerns about cybersecurity risks — even with trusted software. The vulnerability explained: Researchers at Mysk identified the flaw, which stemmed from the app’s use of unencrypted HTTP connections…

    Read More »
  • Blog

    Cisco IOS XR vulnerability lets attackers crash BGP on routers

    Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message. IOS XR runs on the company’s carrier-grade, Network Convergence System (NCS), and Carrier Routing System (CRS) series of routers, such as the ASR 9000, NCS 5500, and 8000 series. This high-severity flaw (tracked as CVE-2025-20115) was found…

    Read More »
  • Blog

    Everything you need to know about the Microsoft Power Pages vulnerability

    A severe Microsoft Power Pages vulnerability has been fixed after cyber criminals were found to have been exploiting unpatched systems in the wild. The company noted that it has remedied the high severity flaw associated with how the SaaS platform handles access permissions and potentially leaving a backdoor for malicious actors. CVE-2025-24989 is described as an improper access vulnerability in…

    Read More »
  • Blog

    Vulnerability management complexity is leaving enterprises at serious risk

    Most organizations are failing to remediate critical vulnerabilities quickly enough, with nearly seven-in-ten saying it takes them more than 24 hours. According to new research from Swimlane, fragmented data from multiple scanners, siloed risk scoring, and poor cross-team collaboration means organizations are increasingly exposed to breaches, compliance failures, and financial penalties. Michael Lyborg, CISO at Swimlane, said this confluence of…

    Read More »
  • Blog

    SonicWall VPN hit with second vulnerability

    A vulnerability has been found in a SonicWall VPN server, the second VPN-related issue to hit the company in recent months. Ethical hackers from Dutch company Computest Security discovered the vulnerability which allowed them to take over the server and potentially access the internal company network, exposing sensitive data. SonicWall offers a variety of VPN clients, aimed at securing corporate…

    Read More »
  • Blog

    Everything you need to know about the Cleo file transfer vulnerability, including affected products, patches, and temporary mitigations

    A vulnerability in the popular managed file transfer (MFT) service from software company Cleo is being actively exploited by threat actors, researchers have warned. Reports from multiple security firms have warned that three different Cleo products were being attacked in the wild, including Cleo Harmony, the firm’s widely-used file transfer service capability. VLTrader, a server-side solution aimed at mid-sized corporations,…

    Read More »
  • Blog

    Microsoft Patches One Actively Exploited Vulnerability, Among Others

    December brought a relatively mild Patch Tuesday, with one vulnerability having been actively exploited. Of all 70 vulnerabilities fixed, 16 were classified as critical. “This year, cybersecurity professionals must be on Santa’s nice list, or, at the very least, Microsoft’s,” Tyler Reguly, associate director of security R&D at cybersecurity software and services company Fortra, told TechRepublic in an email. Microsoft…

    Read More »
  • Blog

    Ivanti warns of maximum severity CSA auth bypass vulnerability

    Today, Ivanti warned customers about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution. The security flaw (tracked as CVE-2024-11639 and reported by CrowdStrike’s Advanced Research Team) enables remote attackers to gain administrative privileges on vulnerable appliances running Ivanti CSA 5.0.2 or earlier without requiring authentication or user interaction by circumventing authentication using an alternate path…

    Read More »