Bishop Fox security researchers have released detailed information on the CVE-2024-53704 vulnerability, which lets attackers bypass authentication in some versions of the SonicOS SSLVPN application. On January 7, the vendor warned about the risk of exploitation of a flaw and advised administrators to upgrade their SonicOS firewalls’ firmware to fix …

SAP has issued new security patches for 19 vulnerabilities and updated 2 previous Security Notes. This Patch Day features fixes for various issues, including a high-risk authorization flaw in SAP BusinessObjects Business Intelligence. The critical vulnerability (CVE-2025-0064, CVSS 8.7) enables an attacker with admin rights to impersonate any user in …

In January 2025, there were 510 global ransomware incidents, with Akira as the leading group and new ones like MORPHEUS and Gd Lockersec appearing. The Manufacturing sector was the main target, followed by Finance and IT, with the USA being the most affected region. This report highlights key ransomware trends, …

CYFIRMA analysis reveals a sophisticated malware campaign that exploits a major Indian bank’s brand through fake mobile apps. These apps, distributed via phishing links and social engineering, closely resemble the real bank apps, deceiving users into sharing their credentials and personal information. The malware uses advanced techniques, such as encrypted …

Over 1,200 firewall instances are vulnerable to a critical remote code execution issue, known as CVE-2024-52875. The vulnerability is found in several unauthenticated web interface paths, including /nonauth/addCertException.cs, /nonauth/guestConfirm.cs, and /nonauth/expiration.cs. These pages do not adequately sanitize user input from the dest GET parameter, allowing attackers to inject line feed …

Apple has issued emergency security updates to fix a zero-day vulnerability, CVE-2025-24200, which is being exploited in targeted attacks on iPhone and iPad users. The vulnerability lets attackers turn off USB Restricted Mode on a locked device, risking unauthorized access to sensitive data. Apple is aware that this issue may …

Zimbra has released updates for its Collaboration software to fix critical security flaws that could lead to information disclosure if exploited. CVE-2025-25064 is a critical vulnerability with a CVSS score of 9.8. It is an SQL injection issue in the ZimbraSync Service SOAP endpoint, affecting versions before 10.0.12 and 10.1.4. …

A serious security vulnerability, CVE-2025-23369, has been found in GitHub Enterprise Server (GHES) that lets attackers bypass SAML authentication and impersonate user accounts. This vulnerability takes advantage of specific anomalies in the libxml2 library employed in SAML response validation, allowing unauthorized access to accounts, even those with administrative rights. The …

India’s central bank to launch a special “.bank.in” domain for banks in April 2025 to fight digital payment fraud and enhance trust in online banking. The Reserve Bank of India announced that the Institute for Development and Research in Banking Technology (IDRBT) will exclusively manage the new “fin.in” domain for …

The Shadowserver Foundation reports that a brute force attack has been active since last month, using nearly 2.8 million IP addresses each day attempting to guess the credentials for a wide range of networking devices. A brute force attack occurs when attackers repeatedly try different usernames and passwords to access …