From The Hacker News – Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA
Posted inNews

From The Hacker News – Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2017-3066 (CVSS score: 9.8) - A deserialization vulnerability impacting
From The Hacker News – CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List
Posted inNews

From The Hacker News – CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The flaws are listed below - CVE-2025-0108 (CVSS score: 7.8) - An authentication bypass vulnerability in the Palo Alto Networks PAN-OS
From The Hacker News – PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks
Posted inNews

From The Hacker News – PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql. "An
From The Hacker News – Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation
Posted inNews

From The Hacker News – Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation

Microsoft on Tuesday released fixes for 63 security flaws impacting its software products, including two vulnerabilities that it said has come under active exploitation in the wild. Of the 63 vulnerabilities, three are rated Critical, 57 are rated Important, one is rated Moderate, and two are rated Low in severity. This is aside from the 23 flaws Microsoft addressed in its Chromium-based Edge
From The Hacker News – XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells
Posted inNews

From The Hacker News – XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells

Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems. The zero-day exploitation of security flaws in VeraCore has been attributed to a threat actor known as XE Group, a cybercrime