cybersecurity vulnerability management

From Cyber Security News – Mozilla Releases Urgent Patch for Windows Users Following Recently Exploited Chrome Zero-day

Mozilla has released an emergency security update for its Firefox browser on Windows systems to address a critical vulnerability that could allow attackers to escape browser sandboxes and potentially gain…

shaikh Saqib March 28, 2025

News

From Cyber Security News – Appsmith Developer Tool Vulnerability Let Attackers Execute Remote Code

Security researchers have uncovered multiple critical vulnerabilities in Appsmith, a popular open-source developer platform for building internal applications. Most concerning is CVE-2024-55963, which allows unauthenticated attackers to execute arbitrary system…

shaikh Saqib March 26, 2025

News

From Cyber Security News – Apache Traffic Server Vulnerabilities Let Attackers Perform Malformed Requests

The Apache Software Foundation has issued urgent patches for multiple high-severity vulnerabilities in Apache Traffic Server (ATS), its enterprise-grade caching proxy server. Four distinct flaws (CVE-2024-38311, CVE-2024-56195, CVE-2024-56196, and CVE-2024-56202)…

shaikh Saqib March 10, 2025

News

From Cyber Security News – Apache Pinot Vulnerability Let Remote Attackers Bypass Authentication

A critical security vulnerability in Apache Pinot designated CVE-2024-56325, has been disclosed. It allows unauthenticated, remote attackers to bypass authentication mechanisms and gain unauthorized access to sensitive systems. Researchers from…

shaikh Saqib March 7, 2025

News

From Cyber Security News – ZITADEL IDOR Vulnerabilities Let Attackers Modify Sensitive Settings

A critical Insecure Direct Object Reference (IDOR) vulnerability chain in ZITADEL’s administration interface (CVE-2025-27507) has exposed organizations to systemic risks of account takeover and configuration tampering. Rated 9.0/10 on the…

shaikh Saqib March 6, 2025

News

From The Hacker News – CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are as follows - CVE-2024-49035 (CVSS score: 8.7) - An improper access control

shaikh Saqib February 26, 2025

News

From The Hacker News – Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software

Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass. The vulnerability, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is restricted to a jump box. "An authentication bypass in the Palo Alto Networks PAN-OS software enables an

shaikh Saqib February 13, 2025

News

From Cyber Security News – ‘Wormable’ Windows LDAP Vulnerability Allow Attackers Arbitrary Code Remotely

A critical security vulnerability has been identified in Windows’ Lightweight Directory Access Protocol (LDAP) implementation, allowing attackers to execute arbitrary code remotely. This “wormable” vulnerability, designated as CVE-2025-21376, was disclosed…

shaikh Saqib February 12, 2025