Tag: CVE
-
The Register: Ransomware criminals love CISA’s KEV list – and that’s a bug, not a feature
Source URL: https://www.theregister.com/2025/02/28/cisa_kev_list_ransomware/ Source: The Register Title: Ransomware criminals love CISA’s KEV list – and that’s a bug, not a feature Feedly Summary: 1 in 3 entries are used to extort civilians, says new paper Fresh research suggests attackers are actively monitoring databases of vulnerabilities that are known to be useful in carrying out ransomware…
-
The Register: MITRE Caldera security suite scores perfect 10 for insecurity
Source URL: https://www.theregister.com/2025/02/25/10_bug_mitre_caldera/ Source: The Register Title: MITRE Caldera security suite scores perfect 10 for insecurity Feedly Summary: Is a trivial remote-code execution hole in every version part of the training, or? The smart cookie who discovered a perfect 10-out-of-10-severity remote code execution (RCE) bug in MITRE’s Caldera security training platform has urged users to…
-
Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2025/02/25/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability CVE-2023-34192 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability Users and administrators are also encouraged…
-
Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2025/02/24/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2017-3066 Adobe ColdFusion Deserialization Vulnerability CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious…
-
The Register: Rather than add a backdoor, Apple decides to kill iCloud E2EE for UK peeps
Source URL: https://www.theregister.com/2025/02/24/rather_than_add_a_backdoor/ Source: The Register Title: Rather than add a backdoor, Apple decides to kill iCloud E2EE for UK peeps Feedly Summary: PLUS: SEC launches new crypto crime unit; Phishing toolkit upgraded; and more Infosec in brief Apple has responded to the UK government’s demand for access to its customers’ data stored in iCloud…
-
Alerts: CISA Adds One Known Exploited Vulnerability to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2025/02/21/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24989 Microsoft Power Pages Improper Access Control Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose…
-
The Register: Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws
Source URL: https://www.theregister.com/2025/02/21/ivanti_traversal_flaw_poc_exploit/ Source: The Register Title: Ivanti endpoint manager can become endpoint ravager, thanks to quartet of critical flaws Feedly Summary: PoC exploit code shows why this is a patch priority Security engineers have released a proof-of-concept exploit for four critical Ivanti Endpoint Manager bugs, giving those who haven’t already installed patches released in…
-
The Register: Oops, some of our customers’ Power Pages sites were exploited, says Microsoft
Source URL: https://www.theregister.com/2025/02/20/microsoft_patch_power_pages/ Source: The Register Title: Oops, some of our customers’ Power Pages sites were exploited, says Microsoft Feedly Summary: Don’t think this is SaaS and you can relax: Redmond wants a few of you to check your websites Microsoft has fixed a security flaw in its Power Pages website-building SaaS, after criminals got…
-
Hacker News: Greg K-H: "Writing new code in Rust is a win for all of us"
Source URL: https://lore.kernel.org/rust-for-linux/2025021954-flaccid-pucker-f7d9@gregkh/ Source: Hacker News Title: Greg K-H: "Writing new code in Rust is a win for all of us" Feedly Summary: Comments AI Summary and Description: Yes Summary: The discussion revolves around the advancements of Rust as a programming language and its potential to improve memory safety in Linux kernel development. The focus…