Alert

The FBI and CISA reported on Wednesday that the ransomware group Ghost has been exploiting software and firmware vulnerabilities as recently as January. The group targets internet services with old, unpatched vulnerabilities that users could have addressed years ago. Cybersecurity researchers began alerting the public about the group in 2021. …

Palo Alto Networks has issued urgent warnings about threat actors to exploit vulnerabilities in PAN-OS, the operating system powering its next-generation firewalls. Coordinated attacks can exploit flaws in authentication and privilege escalation to gain unauthorized access to unpatched devices, threatening the security of enterprise networks. CVE-2025-0108 is a serious authentication …

The Cyber Threat Intelligence Unit of BGD e-GOV CIRT has found 600 vulnerable PRTG instances in Bangladesh, affected by the critical CVE-2018-19410 vulnerability. This flaw allows remote, unauthenticated attackers to create admin users, risking unauthorized access and data breaches. It primarily impacts PRTG Network Monitor versions prior to 18.2.40.1683 and …

CISA has issued an urgent warning about a critical zero-day vulnerability in Apple iOS and iPadOS, known as CVE-2025-24200, which is currently being exploited in targeted attacks. An authorization bypass flaw in Apple’s USB Restricted Mode allows attackers with physical access to turn off security protections on locked devices, risking …

AMD has released security patches for two high-severity vulnerabilities in its System Management Mode (SMM). If exploited, these could let attackers execute arbitrary code and compromise system integrity. CVE-2024-0179 and CVE-2024-21925 are high-severity vulnerabilities with a CVSS score of 8.2. AMD reported that these flaws, identified by Quarkslab, impact several …

On February 13, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued 20 advisories about serious vulnerabilities in Industrial Control Systems (ICS) and medical devices. These disclosures aim to tackle increasing cyber threats to critical infrastructure and operational technology (OT). The advisories cover vulnerabilities in products from various manufacturers, including …

The new Astaroth Phishing Kit can bypass two-factor authentication to steal login credentials for Gmail, Yahoo, and Microsoft. It uses a reverse proxy, captures credentials in real-time, and hijacks sessions. The new phishing kit called Astaroth has been found on cybercrime networks by SlashNext threat researchers. Astaroth can bypass two-factor …

In 2024, Intel addressed a remarkable 374 vulnerabilities across its software, firmware, and hardware products, distributing bug bounty rewards for approximately half of these issues. Intel’s latest product security report reveals that the highest number of resolved bugs last year (272) were in utilities (146), drivers (68), applications (35), SDKs …

Microsoft’s February 2025 Patch Tuesday includes security updates for 55 vulnerabilities, including four zero-days, two of which are currently being exploited. This Patch Tuesday addresses three critical remote code execution vulnerabilities. The number of bugs in each vulnerability category is listed below: 19 Elevation of Privilege Vulnerabilities 2 Security Feature …

SAP has issued new security patches for 19 vulnerabilities and updated 2 previous Security Notes. This Patch Day features fixes for various issues, including a high-risk authorization flaw in SAP BusinessObjects Business Intelligence. The critical vulnerability (CVE-2025-0064, CVSS 8.7) enables an attacker with admin rights to impersonate any user in …