CVE-2024-40766: Critical SonicWall Firewall Vulnerability
Background SonicWall has released a patch to address a severe vulnerability discovered in certain SonicOS-based firewall devices. The vulnerability, CVE-2024-40766 […]
August 2024 – Microsoft Patch Tuesday Highlights
Background Microsoft’s August 2024 Patch Tuesday release includes security patches for 85 vulnerabilities. These are six actively exploited zero-day vulnerabilities […]
CVE-2024-37085: VMware ESXi Hypervisor Vulnerability Exploited by Ransomware Groups
Background On Monday, July 29, Microsoft issued a comprehensive threat intelligence blog detailing the observed exploitation of CVE-2024-37085, an Active […]
Active exploitation of the ServiceNow RCE
Background ServiceNow provides a platform for corporate transformation. ServiceNow can be used for various purposes, including HR and employee administration, […]
CVE-2024-41110: Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins
Background Docker released an advisory on July 23, 2024, addressing a vulnerability in the authorization plugins (AuthZ) used to control […]
July 2024 – Microsoft Patch Tuesday Highlights
Background Microsoft has released the July 2024 Patch Tuesday updates to improve and reinforce its products’ security against a variety […]
regreSSHion: RCE Vulnerability in OpenSSH Server (CVE-2024-6387)
The Secure Shell (SSH) protocol, which is essential for secure communication over unprotected networks, is the foundation of the OpenSSH […]
Tellyouthepass Ransomware and The Active Exploitation of CVE-2024-4577
PHP is mostly used as a programming language for creating dynamic websites and online applications. It operates on the server […]
June 2024 – Microsoft Patch Tuesday Highlights
In order to strengthen Microsoft products against a range of security threats, Microsoft has issued the June 2024 Patch Tuesday […]
Vulnerabilties Targeting Remote Access Technologies – 2024 First Quarter
Remote access technologies are a necessary part of life in the modern world. Regretfully, hackers enjoy them just as much […]
CVE-2024-24919: Check Point Security Gateways Zero-Day Vulnerability
Check Point revealed an arbitrary file read vulnerability impacting Check Point Security Gateways on May 28th, 2024. With a CVSS […]
CVE-2024-20360: SQL injection vulnerability affecting Cisco Firepower Management Center
Cisco fixed a vulnerability in the web-based management interface of the Firepower Management Center (FMC) Software, identified as CVE-2024-20360 (CVSS […]
Ivanti Fixes Several vulnerabilities Affecting Endpoint Manager (EPM)
Ivanti Endpoint Manager consists of a wide variety of powerful and easy-to-use tools that allaAll clients, devices and user profiles […]
CVE-2024-4985: GitHub Enterprise Server Authentication Bypass Vulnerability
GitHub Enterprise Server is a self-hosted platform that facilitates software development, scaling, and delivery for enterprises. For businesses needing greater […]
CVE-2024-29849: Critical Veeam Vulnerability Leads to Authentication Bypass
Veeam Backup Enterprise Manager, An administrative console is intended to assist in managing the tasks associated with Veeam Backup & […]
May 2024 – Microsoft Patch Tuesday Highlights
Microsoft has fixed two zero-day vulnerabilities that are known to be exploited in the wild in this month’s security patches. […]
CVE-2024-3400: Palo Alto PAN-OS Command Injection Vulnerability
Background Palo Alto Networks discovered a significant vulnerability in PAN-OS software used in security appliances such as next-generation firewalls on […]
Critical Vulnerabilities Affecting FortiOS, FortiProxy, and FortiClientEMS
Background Five Fortinet advisories that address vulnerabilities in a variety of products, such as FortiOS and FortiProxy SSLVPN, FortiWLM MEA […]
Critical Fixes for March 2024 Patch Tuesday
Background Microsoft has issued Patch Tuesday for March 2024, fixing 61 security flaws. Two vulnerabilities are categorized as critical in […]
ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708)
ConnectWise released a major advisory on February 19, 2024, addressing two extremely serious vulnerabilities affecting ScreenConnect versions 23.9.7 and earlier: […]
CVE-2024-22245: VMware Requests EAP Uninstall ASAP
This week, VMware published a security advisory addressing two vulnerabilities detected in the VMware Enhanced Authentication Plug-in (EAP): one recorded […]
CVE-2024-21413: Critical MonikerLink Vulnerability in Outlook
An intriguing vulnerability in how Outlook handles particular hyperlinks has been found, and threat actors have been known to use […]
CVE-2024-21762: Critical Fortinet FortiOS Vulnerability
Background Two serious FortiOS vulnerabilities were discovered by Fortinet’s FortiGuard on February 8, 2024. Unauthenticated threat actors may be able […]
CVE-2024-21893: New Ivanti Zero-Day Vulnerability Actively Exploited
Employees, partners, and clients may access business data and apps securely and under control with the help of Ivanti Connect […]