Seashell Blizzard hacker group escalating attacks on critical infrastructure, Microsoft warns
A subgroup of the Russian state-sponsored hacking group, Seashell Blizzard, has been targeting critical infrastructure organizations and governments around the world for years, authorities have warned. The campaign, dubbed ‘BadPilot’ by Microsoft’s Threat Intelligence Team, saw the group gain access to targets across a number of sensitive sectors, including energy, oil and gas, telecommunications, shipping, and arms manufacturing, as well…
NAO warns that UK government doesn’t know how vulnerable its IT systems are
The cyber threat to the UK government is ‘severe and advancing quickly’, the National Audit Office (NAO) has found. It said the government’s new cyber assurance scheme, GovAssure, independently assessed 58 critical departmental IT systems last year and found significant gaps in cyber resilience. Meanwhile, there are at least 228 legacy systems in use – and the government doesn’t know…
Zyxel warns of bad signature update causing firewall boot loops
Zyxel is warning that a bad security signature update is causing critical errors for USG FLEX or ATP Series firewalls, including putting the device into a boot loop. “We’ve found an issue affecting a few devices that may cause reboot loops, ZySH daemon failures, or login access problems,” warns a new Zyxel advisory. “The system LED may also flash. Please note this…
SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks
SonicWall is warning about a pre-authentication deserialization vulnerability in SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), with reports that it has been exploited as a zero-day in attacks. The flaw, tracked as CVE-2025-23006 and rated critical (CVSS v3 score: 9.8), could allow remote unauthenticated attackers to execute arbitrary OS commands under specific conditions. The vulnerability affects all…
Cisco warns of denial of service flaw with PoC exploit code
Cisco has released security updates to patch a ClamAV denial-of-service (DoS) vulnerability, which has proof-of-concept (PoC) exploit code. Tracked as CVE-2025-20128, the vulnerability is caused by a heap-based buffer overflow weakness in the Object Linking and Embedding 2 (OLE2) decryption routine, allowing unauthenticated, remote attackers to trigger a DoS condition on vulnerable devices. If this vulnerability is successfully exploited, it…
Ivanti warns of new Connect Secure flaw used in zero-day attacks
Ivanti is warning that hackers exploited a Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 in zero-day attacks to install malware on appliances. The company says it became aware of the vulnerabilities after the Ivanti Integrity Checker Tool (ICT) detected malicious activity on customers’ appliances. Ivanti launched an investigation and confirmed that threat actors were actively exploiting CVE-2025-0282 as a zero-day.…
CISA warns of critical Oracle, Mitel flaws exploited in attacks
CISA has warned U.S. federal agencies to secure their systems against critical vulnerabilities in Oracle WebLogic Server and Mitel MiCollab systems that are actively exploited in attacks. The cybersecurity agency added a critical path traversal vulnerability (CVE-2024-41713) found in the NuPoint Unified Messaging (NPM) component of Mitel’s MiCollab unified communications platform to its Known Exploited Vulnerabilities Catalog. This security bug allows…
Apache warns of critical flaws in MINA, HugeGraph, Traffic Control
The Apache Software Foundation has released security updates to address three severe problems that affect MINA, HugeGraph-Server, and Traffic Control products. The vulnerabilities were patched in new software versions released between December 23 and 25. However, the holiday period may lead to a slower patching rate and increased risk of exploitation. One of the bugs is tracked as CVE-2024-52046 and impacts MINA…
Adobe warns of critical ColdFusion bug with PoC exploit code
Adobe has released out-of-band security updates to address a critical ColdFusion vulnerability with proof-of-concept (PoC) exploit code. In an advisory released on Monday, the company says the flaw (tracked as CVE-2024-53961) is caused by a path traversal weakness that impacts Adobe ColdFusion versions 2023 and 2021 and can enable attackers to read arbitrary files on vulnerable servers. “Adobe is aware that CVE-2024-53961…
Juniper warns of Mirai botnet scanning for Session Smart routers
Juniper Networks has warned customers of Mirai malware attacks scanning the Internet for Session Smart routers using default credentials. As the networking infrastructure company explained, the malware scans for devices with default login credentials and executes commands remotely after gaining access, enabling a wide range of malicious activities. The campaign was first observed on December 11, when the first infected…