A recent Aqua Security report highlights major security risks in Kubernetes policy enforcement, especially with Open Policy Agent (OPA) Gatekeeper. Although OPA Gatekeeper is commonly used for security policies in Kubernetes, researchers found methods to bypass its controls due to frequent misconfigurations and weak policies. According to the report, “Implementing …
Read More »
(CVE-2025-23419)
F5 Warns of TLS Session Resumption Vulnerability in NGINX
F5 has warned of a vulnerability in NGINX, a widely used web server software. The issue, known as CVE-2025-23419, could let attackers bypass client certificate authentication and gain unauthorized access to sensitive resources. When name-based virtual hosts are configured to share the same IP address and port combination, with TLS …
Read More »Ransomware payments statistics for 2024, a drop of 35%
Ransomware payments dropped by 35% last year compared to 2023, despite an increase in the number of attacks, according to a new report from Chainalysis. Despite claims from cybersecurity firms that ransomware activity peaked in 2024, there has been a significant drop in extortion payments. Chainalysis also noted in its …
Read More »CISA Adds 4 Actively Exploited Vuls to KEV Catalog
CISA added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, noting they are actively being exploited. The list of vulnerabilities is as follows: CVE-2024-45195 (CVSS score: 7.5/9.8) – (A vulnerability in Apache OFBiz that lets a remote attacker gain unauthorized access and run code on the server, fixed …
Read More »AMD Patches CPU Vulnerability
AMD announced patches on Monday for a microprocessor vulnerability that risks the loss of Secure Encrypted Virtualization (SEV) protection, potentially allowing attackers to load harmful microcode. CVE-2024-56161, with a CVSS score of 7.2, is a bug involving improper signature verification in the AMD CPU microcode patch loader’s read-only memory. The …
Read More »Hackers To Use HTTP Client Tools To Compromise Microsoft 365 Accounts
Hackers are using HTTP client tools for advanced account takeover attacks on Microsoft 365. Seventy-eight percent of Microsoft 365 tenants have been targeted by attacks, showing the changing tactics of threat actors. HTTP client tools are software that allows users to send HTTP requests and receive responses from web servers. …
Read More »Google patches 47 Android flaws, Including Actively Exploited CVE-2024-53104
Google has released patches for 47 security flaws in Android, including one that is actively being exploited. CVE-2024-53104 (CVSS score: 7.8) is a vulnerability that allows privilege escalation in the USB Video Class (UVC) driver kernel component. Successful exploitation of the flaw could lead to physical escalation of privilege, Google said, …
Read More »
CVE-2025-21415
Microsoft Patches Critical Azure AI Face Service Vulnerability
Microsoft has released patches for two critical security flaws in Azure AI Face Service and Microsoft Account that could allow an attacker to escalate their privileges. The flaws are listed below: CVE-2025-21396 (CVSS score: 7.5) – Microsoft Account Elevation of Privilege Vulnerability CVE-2025-21415 (CVSS score: 9.9) – Azure AI Face …
Read More »Daily Security Update Dated:4.02.2025
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so on. Its our daily security digest to cover the latest happenings in the world. Spend a bit time to read out todays update: DoJ Seizes 39 Domains From Pakistani Hackers …
Read More »768 Exploited CVEs in 2024, a 20% Increase from 639 in 2023
In 2024, 768 vulnerabilities with CVE identifiers were reported as exploited in the wild, a 20% increase from 639 in 2023. VulnCheck called 2024 “a strong year for threat actors exploiting vulnerabilities,” noting that 23.6% of known exploited vulnerabilities (KEVs) were weaponized by or on the day their CVEs were …
Read More »