The Cybersecurity and Infrastructure Security Agency (CISA) has added a patched, high-severity vulnerability affecting NAKIVO’s backup and replication software to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, tracked as CVE-2024-48248, is a path traversal issue that received a high-severity CVSS rating of 8.6 out of 10 and was marked “critical” by NAKIVO in…
Category: Security, Vulnerabilities
Exploits, Global Security News, Security, Vulnerabilities
Critical vulnerabilities expose network security risks in Keysight’s infrastructure
Keysight Technologies’ Ixia Vision product family has been found to contain critical security vulnerabilities that could allow remote attackers to compromise affected devices. According to a newly issued alert from the Cybersecurity and Infrastructure Security Agency (CISA), these flaws expose the devices to risks such as remote code execution, unauthorized file downloads, and system crashes,…
Exploits, Global Security News, Security, Vulnerabilities
Over 12,000 KerioControl firewalls remain prone to RCE attack amid active exploits
Businesses around the globe have over 12,000 vulnerable instances of the GFI KerioControl application — a unified threat management (UTM) firewall software designed for small and mid-sized enterprises. The number of unpatched instances remained high weeks after the patches were issued for a critical RCE bug. Tracked as CVE-2024-52875, the vulnerability is an improper input sanitization error…
Exploits, Global Security News, Security, Vulnerabilities
Apple issues emergency patches to contain an ‘extremely sophisticated attack’ on targeted individuals
Apple has rolled out emergency security patches after discovering that an “extremely sophisticated attack” exploited a flaw in its USB Restricted Mode, potentially targeting specific individuals. The company released updates for iOS and iPadOS to fix the vulnerability, which could allow attackers with physical access to disable security protections on locked devices. “A physical attack…
Exploits, Global Security News, Security, Vulnerabilities
Hackers breach Microsoft IIS services using Cityworks RCE bug
Hackers are exploiting a high-severity remote code execution (RCE) flaw in Cityworks deployments — a GIS-centric asset and work order management software — to execute code on customers’ Microsoft web servers. In a coordinated advisory with the US Cybersecurity and Infrastructure Security Agency (CISA), Cityworks’ developer Trimble said that the vulnerability, tracked as CVE-2025-0994…
Exploits, Global Security News, Security, Vulnerabilities
Cisco’s ISE bugs could allow root-level command execution
Cisco is warning enterprise admins of two critical flaws within its identity and access management (IAM) solution, Identity Services Engine (ISE), that could allow attackers to obtain unauthorized privileges and run arbitrary commands on affected systems. Tracked as CVE-2025-20124 and CVE-2025-20125, the flaws have received a critical severity rating of CVSS 9.9 and 9.1 out of…
Global Security News, Security, Vulnerabilities
AMD patches microcode security holes after accidental early disclosure
AMD on Monday issued two patches for severe microcode security flaws, defects that AMD said “could lead to the loss of Secure Encrypted Virtualization (SEV) protection.” The bugs were inadvertently revealed by a partner last week. The most dangerous time for this kind of security hole is right after it is disclosed and before patches…
Exploits, Global Security News, Security, Vulnerabilities
VMware offers fixes to severe vulnerabilities in VMware Aria
VMware has fixed multiple high-severity vulnerabilities affecting its cloud management platform (CMP), VMware Aria, which could allow attackers to steal sensitive credentials from the virtualization giant’s IT management and logging solutions. Parent company Broadcom, in an advisory issued on Thursday, revealed that two out of five recently disclosed vulnerabilities are “high severity” information disclosure flaws…
Exploits, Global Security News, Security, Vulnerabilities
Poor patching regime is opening businesses to serious problems
Vulnerability remediation is taking a severe hit as security teams are faced with fatigue from a growing number of publicly disclosed vulnerabilities. According to an analysis by S&P Global Ratings, a joint division of S&P Global and the cyber risk analytics company Guidewire, almost three-quarters of organizations are either occasionally or infrequently remediating the vulnerabilities…
Global Security News, Security, Vulnerabilities
Open source vulnerability scanner found with a serious vulnerability in its own code
A widely popular open-source tool, Nuclei, used for scanning vulnerabilities and weaknesses in websites, cloud applications, and networks, has been found to have a high-severity flaw that could potentially allow attackers to execute malicious code on local systems. The flaw, tracked as CVE-2024-43405, is assigned a CVSS score of 7.4 out of 10 and is said…