Tag: critical vulnerability

A critical Ivanti Connect Secure VPN vulnerability, identified as CVE-2025-0282, was disclosed. Threat actors are actively exploiting it in the wild, primarily targeting organizations relying on Ivanti’s Zero Trust Access (ZTA) solutions. Review this Cybersecurity Threat Advisory to see how...

Vincent Yu / January 13, 2025

Cybersecurity Threat Advisory: PAN-OS critical vulnerability

Featured Security

Cybersecurity Threat Advisory: PAN-OS critical vulnerability

A critical vulnerability, tracked as CVE-2024-3393 with a CVSS score of 8.7, has been identified in Palo Alto Networks’ PAN-OS software. This flaw allows unauthenticated attackers to send specially crafted packets that can reboot affected firewalls, leading to potential service...

Spartak Myrto / December 31, 2024

Cybersecurity Threat Advisory: Cleo file transfer critical vulnerability

Featured Security

Cybersecurity Threat Advisory: Cleo file transfer critical vulnerability

A critical vulnerability, identified as CVE-2024-50623, has been discovered in Cleo’s file transfer software suite. This vulnerability allows attackers to exploit an unrestricted file upload and download flaw, potentially leading to remote code execution (RCE) on vulnerable systems. Continue reading...

Stacey Landrum / December 10, 2024

Cybersecurity Threat Advisory: WordPress plugin critical vulnerabilities

Featured Security

Cybersecurity Threat Advisory: WordPress plugin critical vulnerabilities

Two critical security flaws have been identified in a WordPress plugin—Anti-Spam by CleanTalk. This plugin is installed on more than 200,000 websites. Review this Cybersecurity Threat Advisory to learn how to mitigate your risks from these vulnerabilities. What is...

Mandeep Gujral / November 28, 2024

Cybersecurity Threat Advisory: Okta username flaw

Featured Security

Cybersecurity Threat Advisory: Okta username flaw

Researchers have discovered a critical vulnerability in Okta which allows an user to authenticate to an account with a username longer than 52 characters without multi-factor authentication (MFA) enabled. Read this Cybersecurity Threat Advisory to learn how this may impact...

Devyn Souza / November 7, 2024

Cybersecurity Threat Advisory: SonicWall VPN vulnerability

Featured Security

Cybersecurity Threat Advisory: SonicWall VPN vulnerability

Fog and Akira ransomware operators are exploiting a critical SonicWall SSL VPN vulnerability, CVE-2024-40766, to breach corporate networks. Continue reading this Cybersecurity Threat Advisory to learn the tactics these groups are using and how you can reduce the risk of...

Sana Ansari / October 29, 2024

Cybersecurity Threat Advisory: FortiManager API vulnerability exploited

Featured Security

Cybersecurity Threat Advisory: FortiManager API vulnerability exploited

Fortinet has publicly disclosed a vulnerability in the FortiManager API. The vulnerability, tracked as CVE-2024-47575 and dubbed ‘FortiJump,’ has been exploited as a zero-day since at least June 2024. Organizations using vulnerable FortiManager versions should review this Cybersecurity Threat Advisory...

Zachary Beaudet / October 25, 2024

Cybersecurity Threat Advisory: Critical SonicOS vulnerability

Featured Security

Cybersecurity Threat Advisory: Critical SonicOS vulnerability

A critical vulnerability has been identified in the SonicWall SonicOS management access. Continue reading this Cybersecurity Threat Advisory to learn about this vulnerability and recommendations to secure your environment. What is the threat? CVE-2024-40766, a critical vulnerability in the management...

Spartak Myrto / August 27, 2024

Cybersecurity Threat Advisory: Another zero-click Windows TCP/IP vulnerability

Featured Security

Cybersecurity Threat Advisory: Another zero-click Windows TCP/IP vulnerability

Another critical zero-click Windows vulnerability, identified as CVE-2024-38063, has been discovered in the Windows TCP/IP stack, affecting all systems with IPv6 enabled. Review this Cybersecurity Threat Advisory now to mitigate potential exploitation and protect your systems. What is the threat?...

Laila Mubashar / August 16, 2024

Cybersecurity Threat Advisory: Critical zero-click vulnerability in Microsoft Outlook

Featured Security

Cybersecurity Threat Advisory: Critical zero-click vulnerability in Microsoft Outlook

A critical zero-click remote code execution (RCE) vulnerability, identified as CVE-2024-30103, was recently discovered in Microsoft Outlook. This flaw allows malicious actors to execute arbitrary code on a victim’s system simply by opening a specially crafted email. Review the details...

Stacey Landrum / August 15, 2024

Categories

Tags

Archives

Tag: critical vulnerability

Cybersecurity Threat Advisory: Active exploitation of Ivanti’s Connect Secure VPN

Cybersecurity Threat Advisory: PAN-OS critical vulnerability

Cybersecurity Threat Advisory: Cleo file transfer critical vulnerability

Cybersecurity Threat Advisory: WordPress plugin critical vulnerabilities

Cybersecurity Threat Advisory: Okta username flaw

Cybersecurity Threat Advisory: SonicWall VPN vulnerability

Cybersecurity Threat Advisory: FortiManager API vulnerability exploited

Cybersecurity Threat Advisory: Critical SonicOS vulnerability

Cybersecurity Threat Advisory: Another zero-click Windows TCP/IP vulnerability

Cybersecurity Threat Advisory: Critical zero-click vulnerability in Microsoft Outlook