Vulnerabilities are proliferating in SonicWall devices and software this year, putting the vendor’s customers at risk of intrusion via secure access gateways and firewalls. The year started off on a sour note for the California-based company when it released security advisories for nine vulnerabilities on Jan. 7. The total number of vulnerabilities publicly disclosed by…
Category: Rapid7
china, CISA, cisco, citrix, Coalition, CVE, Cybercrime, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), edge devices, espionage, exploit, Exploits, firewall, firewalls, Fortinet, Gartner, Global Security News, Google Threat Intelligence Group, ivanti, known exploited vulnerabilities (KEV), Mandiant, National Vulnerability Database, NIST, Palo Alto Networks, Rapid7, Research, routers, Technology, Threats, virtual private network (VPN), VulnCheck, vulnerabilities, vulnerability disclosure, zero days
Is Ivanti the problem or a symptom of a systemic issue with network devices?
Network edge devices — hardware that powers firewalls, VPNs and network routers — have quickly moved up the list of attackers’ preferred intrusion points into enterprise networks. While dozens of companies make and sell these devices, customers of one company in particular — Ivanti — have confronted exploited vulnerabilities in their products more than any…
Adam Barnett, CVE-2025-24983, CVE-2025-24984, CVE-2025-24985, CVE-2025-24991, CVE-2025-24993, CVE-2025-26633, eset, Exploits, Filip Jurčacko, Global Security News, Rapid7, Security Tools, Time to Patch
Microsoft: 6 Zero-Days in March 2025 Patch Tuesday
Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation. Two of the zero-day flaws include CVE-2025-24991 and CVE-2025-24993, both vulnerabilities in NTFS, the default file system for Windows and Windows Server. Both require the attacker to…
Action1, Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Exploits, Global Security News, Microsoft, Patch Tuesday, Rapid7, Threats, vulnerabilities, zero days
Microsoft patches 57 vulnerabilities, including 6 zero-days
Microsoft patched 57 vulnerabilities affecting its foundational systems and core products, including six actively exploited zero-day vulnerabilities, the company said in its latest security update Tuesday. Four of the six zero-days, which were all added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities catalog, are high-severity on the CVSS scale. The software defects…
Adam Barnett, Adobe, Apple, CVE-2024-38193, CVE-2025-21377, CVE-2025-21391, CVE-2025-21418, Exploits, Global Security News, Google Chrome, microsoft 365 copilot, Microsoft Patch Tuesday February 2025, Other, Rapid7, sans internet storm center, Satnam Narang, Tenable, Time to Patch
Microsoft Patch Tuesday, February 2025 Edition
Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited. All supported Windows operating systems will receive an update this month for a buffer overflow vulnerability that carries the catchy name CVE-2025-21418. This patch should be a…
Adam Barnett, Bitlocker, Bob Hopkins, CVE-2024-49142, CVE-2025-21186, CVE-2025-21210, CVE-2025-21298, CVE-2025-21311, CVE-2025-21333, CVE-2025-21334, CVE-2025-21335, CVE-2025-21366, CVE-2025-21395, Exploits, Global Security News, Kev Breen, Latest Warnings, Microsoft Access, Microsoft Patch Tuesday January 2025, Rapid7, Satnam Narang, The Coming Storm, Time to Patch, unpatched.ai, windows 11, Windows Hyper-V, Windows NTLMv1
Microsoft: Happy 2025. Here’s 161 Security Updates
Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017. Rapid7‘s Adam Barnett says January marks the fourth consecutive month…
APAC, Artificial Intelligence, Australia, Cybersecurity apac, cybersecurity threats apac 2025, cybersecurity vulnerabilities apac 2025, Exploits, Global Security News, Rapid7, Security
APAC: Ransomware to Cause ‘Bumpy’ Security Ride in 2025
Cashed-up ransomware criminals may exploit more zero days while potential blanket ransomware payment bans hang over defenders like a shadow.
Adam Barnett, CVE-2024-49112, CVE-2024-49138, Fortra, Global Security News, Immersive Labs, LDAP, Lightweight Directory Access Protocol, Microsoft Patch Tuesday December 2024, Other, Rapid7, Rob Reeves, Tenable, Tyler Reguly, Windows Common Log File System (CLFS) driver
Patch Tuesday, December 2024 Edition
Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common Log File System (CLFS) driver — used by applications to write transaction logs — that…