patch management – Threat Note

From Cyber Security News – Hackers Scanning From 24,000 IPs to Gain Access to Palo Alto Networks GlobalProtect Portals

Researchers have detected an alarming surge in malicious scanning activity targeting Palo Alto Networks’ GlobalProtect VPN portals. Over a 30-day period, nearly 24,000 unique IP addresses have attempted to access…

shaikh Saqib April 1, 2025

News

From Cyber Security News – Multiple Dell Unity Vulnerabilities Let Attackers Compromise Affected System

Dell Technologies has released a critical security update addressing multiple severe vulnerabilities in its Unity enterprise storage systems that could allow attackers to execute arbitrary commands as root, delete critical…

shaikh Saqib March 31, 2025

News

From The Hacker News – Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability

Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day. The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape. "Following the recent Chrome sandbox escape (

shaikh Saqib March 28, 2025

News

From Security Week – UK Software Firm Fined £3 Million Over Ransomware-Caused Data Breach

[[{"value":"The UK ICO has fined Advanced Computer Software Group £3 million ($3.8 million) over a 2022 data breach resulting from a ransomware attack. The post UK Software Firm Fined £3…

shaikh Saqib March 27, 2025

News

From The Hacker News – New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking

A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity. "A local or remote attacker can exploit the vulnerability by accessing the

shaikh Saqib March 18, 2025

News

From The Hacker News – Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack

Threat intelligence firm GreyNoise is warning of a "coordinated surge" in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities spanning multiple platforms. "At least 400 IPs have been seen actively exploiting multiple SSRF CVEs simultaneously, with notable overlap between attack attempts," the company said, adding it observed the activity on March 9, 2025. The countries which

shaikh Saqib March 12, 2025

Vulnerabilities

From Cybersecurity Help – Critical PHP flaw comes under mass-exploitation

If successfully exploited, the flaw could allow attackers to execute arbitrary code. Read More

shaikh Saqib March 11, 2025

News

From Cyber Security News – 15 Best Patch Management Tools In 2025

Patch management tools are essential for maintaining the security and efficiency of IT systems in 2025. These tools automate the process of identifying, testing, and deploying software updates and security…

shaikh Saqib March 6, 2025

News

From Cyber Security News – Cisco Nexus Vulnerability Let Attackers Inject Malicious Commands

Cisco Systems has issued a critical security advisory addressing a command injection vulnerability in its Nexus 3000 and 9000 Series Switches operating in standalone NX-OS mode. Designated as CVE-2025-20161, the…

shaikh Saqib February 27, 2025

News

From Cyber Security News – Authorities Arrested Hackers Behind 90 Data Leaks Worldwide

Authorities arrested a prolific hacker responsible for over 90 data breaches across 65 organizations in the Asia-Pacific region and 25 additional global targets. The cybercriminal, operating under aliases ALTDOS, DESORDEN,…

shaikh Saqib February 27, 2025

News

From The Hacker News – Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities in question are listed below - CVE-2017-3066 (CVSS score: 9.8) - A deserialization vulnerability impacting

shaikh Saqib February 25, 2025

News

From Dark Reading – Salt Typhoon Exploits Cisco Devices in Telco Infrastructure

The China-sponsored state espionage group has exploited known, older bugs in Cisco gear for successful cyber intrusions on six continents in the past two months. Read More

shaikh Saqib February 14, 2025

News

From Security Week – Adobe Plugs 45 Software Security Holes, Warn of Code Execution Risks

[[{"value":"Patch Tuesday: Adobe patches 45 vulnerabilities across multiple products and warn of remote code execution exploitation risks. The post Adobe Plugs 45 Software Security Holes, Warn of Code Execution Risks…

shaikh Saqib February 12, 2025

News

From Cyber Security News – Microsoft Patch Tuesday February 2025 – 61 Vulnerabilities Fixed, 3 Zero-Day’s Actively Exploited

Microsoft released a security update as part of the February Patch Tuesday that addressed 61 vulnerabilities, including 25 classified as critical Remote Code Execution (RCE) vulnerabilities, including 3 zero-day vulnerabilities…

shaikh Saqib February 12, 2025

News

From Cyber Security News – Critical Zimbra Vulnerabilities Let Attackers Unauthorized Access to Internal Resources

Zimbra Collaboration, a popular open-source email and collaboration software, was recently discovered to include critical vulnerabilities that pose serious risks to its users. These vulnerabilities, identified as CVE-2025-25064 and CVE-2025-25065,…

shaikh Saqib February 10, 2025