Friday , March 28 2025

infosecbulletin

(CVE-2025-1146
CrowdStrike Fixed High-Severity TLS Vuln in Falcon Sensor

CrowdStrike

CrowdStrike has issued a security advisory for a serious TLS vulnerability, CVE-2025-1146, in its Falcon Sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor. This vulnerability could enable man-in-the-middle (MiTM) attacks. CrowdStrike secures communications from the Falcon sensor to its cloud using standard TLS. However, a validation error …

Read More »

CVE-2025-0108 & CVE-2025-0110
Palo Alto Networks Addressed High-Severity PAN-OS Vulns

Palo Alto Networks

Palo Alto Networks has issued advisories for two critical vulnerabilities in its PAN-OS. The vulnerabilities, CVE-2025-0108 and CVE-2025-0110, may enable attackers to bypass authentication and run arbitrary commands. CVE-2025-0108: Authentication Bypass Vulnerability A vulnerability in the PAN-OS management web interface (CVSSv3.1 score 7.8) allows unauthenticated attackers with network access to …

Read More »

Update Now
Ivanti Patches 3 Critical Flaws in Connect Secure and Policy Secure

Ivanti

Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to fix several vulnerabilities, including three critical issues. The company discovered the flaws via its responsible disclosure program from CISA, Akamai, and the HackerOne bug bounty platform. Ivanti’s security bulletin …

Read More »

This Adtech Company is Powering Surveillance of U.S. Military Personnel

US Military

Last year, a joint investigation revealed that a Florida-based data broker, Datastream Group, was selling highly sensitive location data that tracked United States (US) military and intelligence personnel overseas. However, at the time, the origin of that data remained unknown. Now, a letter sent to US senator Ron Wyden’s office …

Read More »

Intel Patched 374 Vulnerabilities in multiple products

374 Vulnerabilities

In 2024, Intel addressed a remarkable 374 vulnerabilities across its software, firmware, and hardware products, distributing bug bounty rewards for approximately half of these issues. Intel’s latest product security report reveals that the highest number of resolved bugs last year (272) were in utilities (146), drivers (68), applications (35), SDKs …

Read More »

CVE-2025-24016
Critical RCE Vulnerability Discovered in Wazuh Server

wazuh

Wazuh, a top provider of open-source security solutions, has released a critical security advisory for a remote code execution vulnerability (RCE) (CVE-2025-24016) with a CVSS score of 9.9. This flaw could enable attackers to take full control of affected Wazuh servers. Wazuh is a popular platform for threat prevention, detection, …

Read More »

Microsoft 2025 February Patch Tuesday fixes 2 zero-days, 55 flaws

February 2025 Patch

Microsoft’s February 2025 Patch Tuesday includes security updates for 55 vulnerabilities, including four zero-days, two of which are currently being exploited. This Patch Tuesday addresses three critical remote code execution vulnerabilities. The number of bugs in each vulnerability category is listed below: 19 Elevation of Privilege Vulnerabilities 2 Security Feature …

Read More »

Patch Now
SonicWall firewall vuln allows hackers to hijack VPN sessions

Bishop Fox

Bishop Fox security researchers have released detailed information on the CVE-2024-53704 vulnerability, which lets attackers bypass authentication in some versions of the SonicOS SSLVPN application. On January 7, the vendor warned about the risk of exploitation of a flaw and advised administrators to upgrade their SonicOS firewalls’ firmware to fix …

Read More »

SAP Security Patch February 2025: Multi Vulns Addressed

Security Patch

SAP has issued new security patches for 19 vulnerabilities and updated 2 previous Security Notes. This Patch Day features fixes for various issues, including a high-risk authorization flaw in SAP BusinessObjects Business Intelligence. The critical vulnerability (CVE-2025-0064, CVSS 8.7) enables an attacker with admin rights to impersonate any user in …

Read More »

TRACKING RANSOMWARE
Akira Topped January 2025 as the Most Active Ransomware Threat

January 2025

In January 2025, there were 510 global ransomware incidents, with Akira as the leading group and new ones like MORPHEUS and Gd Lockersec appearing. The Manufacturing sector was the main target, followed by Finance and IT, with the USA being the most affected region. This report highlights key ransomware trends, …

Read More »