Cisco has released a security advisory concerning a critical privilege escalation vulnerability (CVE-2025-20156) in its Meeting Management software. With a daunting CVSS score of 9.9, this vulnerability poses a significant risk, as it could enable remote, authenticated attackers with minimal privileges to elevate their access to administrator status on compromised …
Read More »CVE-2025-20156
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack
Fortinet customers must apply the latest updates, as almost 50,000 management interfaces remain vulnerable to the latest zero-day exploit. The Shadowserver Foundation reports that 48,457 Fortinet devices remain publicly exposed and unpatched for CVE-2024-55591, despite urgent warnings in the last week. The situation hasn’t improved. Shadowserver started tracking exposed devices …
Read More »Daily Security Update Dated: 21.01.2025
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so on. Its our daily security digest to cover the latest happenings in the world. Spend a bit time to read out todays update: MITRE Launches D3FEND 1.0 – A Milestone …
Read More »126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems
Ubuntu 22.04 LTS users are advised to update their systems right away due to a crucial security patch from Canonical that fixes critical vulnerabilities in the Linux kernel for Xilinx ZynqMP processors. The Linux kernel for Xilinx Zynq UltraScale+ MPSoC is customized to support the features and hardware of these …
Read More »CERT-UA alerts about “security audit” requests through AnyDesk
Attackers are pretending to be Ukraine’s Computer Emergency Response Team (CERT-UA) using AnyDesk to access target computers. “Unidentified individuals are sending connection requests via AnyDesk under the pretext of conducting a ‘security audit to verify the level of protection,’ using the name ‘CERT.UA,’ the CERT-UA logo, and the AnyDesk ID …
Read More »Oracle Critical Pre-Release update addressed 320 flaw
Oracle Critical Patch Update Pre-Release Announcement shares details about the upcoming update scheduled for January 21, 2025. Note that this information may change before the official advisory is released. A Critical Patch Update contains patches for various security vulnerabilities. This update includes 320 new patches, some of which affect multiple …
Read More »OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025
OWASP has released its updated list of the top 10 vulnerabilities in smart contracts for 2025. This guide highlights the most critical vulnerabilities and provides developers and security professionals with a roadmap to reduce risks in decentralized systems. The OWASP Smart Contract Top 10 lists the most common vulnerabilities in …
Read More »Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS
Security researchers have found several vulnerabilities in Azure DevOps that could enable attackers to inject CRLF queries and carry out DNS rebinding attacks. Binary Security found serious security risks in a widely used development platform during a client engagement. The first vulnerability in Azure DevOps’ ‘endpointproxy’ feature enables Server-Side Request …
Read More »Intel holds 22 employees from one Bangladeshi University
Intel Corporation is a leading semiconductor chip manufacturer, employing at least 22 graduates from the Department of Applied Chemistry and Chemical Engineering at Dhaka University, with 9 at its headquarters. Their presence is due not only to individual skills and hard work but also to the department’s robust curriculum, research …
Read More »VPN Surge 1500% in USA after TikTok Shut Down
vpnMentor’s Research Team is monitoring the potential TikTok ban in the U.S., driven by national security and data privacy issues. ByteDance, TikTok’s Chinese parent company, is under pressure to sell its U.S. operations by January 19, 2025, or face a ban due to concerns about user data security and possible …
Read More »