security patching – Threat Note

From Security Week – Details Emerge on CVE Controversy Around Exploited CrushFTP Vulnerability

[[{"value":"Two CVEs now exist for an actively exploited CrushFTP vulnerability and much of the security industry is using the ‘wrong one’. The post Details Emerge on CVE Controversy Around Exploited…

shaikh Saqib April 3, 2025

News

From Cyber Security News – CrushFTP Vulnerability Exploited in Attacks Following PoC Release

Security researchers have confirmed active exploitation attempts targeting the critical authentication bypass vulnerability in CrushFTP (CVE-2025-2825) following the public release of proof-of-concept exploit code. Based on Shadowserver Foundation’s most recent…

shaikh Saqib April 1, 2025

Vulnerabilities

From Cybersecurity Help – New RESURGE malware targets Ivanti Connect Secure devices

RESURGE has capabilities similar to the SPAWNCHIMERA malware variant, albeit with several differences. Read More

Samir K March 31, 2025

News

From Cyber Security News – Tor Browser 14.0.8 Released Emergency Update for Windows Users

The Tor Project has issued an emergency update for Windows users on March 27, 2025, releasing Tor Browser 14.0.8 with critical security patches. This Windows-only release addresses “very urgent” security…

shaikh Saqib March 28, 2025

News

From Security Week – Critical Next.js Vulnerability in Hacker Crosshairs

[[{"value":"Threat actors have started probing servers impacted by a critical-severity vulnerability in the web application development framework Next.js. The post Critical Next.js Vulnerability in Hacker Crosshairs appeared first on SecurityWeek."}]] Read…

shaikh Saqib March 26, 2025

News

From Dark Reading – Consumer Groups Push IoT Security Bill to Address EoL Concerns

Consumer Reports, Secure Resilient Future Foundation (SRFF) and US Public Interest Research Group (PIRG) introduced a model bill to increase transparency around Internet of Things that have reached end-of-life status. Read…

shaikh Saqib March 13, 2025

News

From Cyber Security News – SolarWinds Web Help Desk Vulnerability Let Hackers Access Stored Passwords – PoC Released

A critical vulnerability in SolarWinds’ Web Help Desk software (CVE-2024-28989) allowed attackers to decrypt sensitive credentials, including database passwords and LDAP/SMTP authentication secrets, through cryptographic weaknesses in its AES-GCM implementation. …

shaikh Saqib March 12, 2025

Articles

From Krebs on Security – Microsoft: 6 Zero-Days in March 2025 Patch Tuesday

Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation. Read More

shaikh Saqib March 12, 2025

News

From Security Week – Mass Exploitation of Critical PHP Vulnerability Begins

[[{"value":"GreyNoise warns of mass exploitation of a critical vulnerability in PHP leading to remote code execution on vulnerable servers. The post Mass Exploitation of Critical PHP Vulnerability Begins appeared first…

shaikh Saqib March 10, 2025

News

From Cyber Security News – LibreOffice Vulnerability Let Attackers Execute Arbitrary Script Using Macro URL

A critical security vulnerability in LibreOffice tracked as CVE-2025-1080, has exposed millions of users to potential remote code execution attacks through manipulated macro URLs. Patched in versions 24.8.5 and 25.2.1…

shaikh Saqib March 6, 2025

News

From Cyber Security News – 15 Best Patch Management Tools In 2025

Patch management tools are essential for maintaining the security and efficiency of IT systems in 2025. These tools automate the process of identifying, testing, and deploying software updates and security…

shaikh Saqib March 6, 2025

News

From Security Week – Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities

[[{"value":"Chrome 134 and Firefox 136 are rolling out across desktop and mobile with patches for multiple high-severity vulnerabilities. The post Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities appeared first on…

shaikh Saqib March 5, 2025

News

From Cyber Security News – HiveOS Vulnerabilities Let Attackers Execute Arbitrary Commands

Security researchers have uncovered three critical vulnerabilities in Extreme Networks’ IQ Engine (HiveOS) that collectively enable authenticated attackers to escalate privileges, decrypt passwords, and execute arbitrary commands on affected systems. …

shaikh Saqib March 3, 2025

News

From Dark Reading – Chinese APT Uses VPN Bug to Exploit Worldwide OT Orgs

Companies critical to the aviation and aerospace supply chains didn't patch a known CVE, providing opportunity for foreign espionage. Read More

shaikh Saqib February 27, 2025

News

From Cyber Security News – Nagios XI Vulnerability Allows Unauthenticated Users to View Other User Details & Email

A significant security vulnerability (CVE-2024-54961) has been identified in Nagios XI 2024R1.2.2, enabling unauthenticated attackers to retrieve sensitive user information, including usernames and email addresses. This flaw, classified as an…

shaikh Saqib February 24, 2025