Alert

Check Point Research warns of the active exploitation of a new vulnerability, CVE-2025-24054, which lets hackers leak NTLMv2-SSP hashes using specially crafted .library-ms files. Microsoft patched this vulnerability on March 11, 2025. It affects all supported Windows versions and has been weaponized less than two weeks after its disclosure. The …

MITRE Vice President Yosry Barsoum warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs ends today, potentially disrupting the global cybersecurity industry. CVE, the more important of the two, is managed by MITRE with support from the U.S. National Cyber Security …

The Australian Cyber Security Centre (ACSC) has alerted technical users in both private and public sectors about ongoing exploitation of known vulnerabilities following a new advisory highlighting the exploitation of previously known vulnerabilities in Fortinet products. Organizations are urged to take immediate action. Fortinet has detected that attackers are exploiting …

The Cybersecurity and Infrastructure Security Agency (CISA) has released ten new advisories regarding Industrial Control Systems (ICS) to highlight serious vulnerabilities and exploits that could affect vital industrial systems. Released on April 10, 2025, these advisories offer essential information on current cybersecurity risks, aiding industries in threat prevention and protecting …

Fortinet has fixed several vulnerabilities in its products, including FortiAnalyzer, FortiManager, FortiOS, FortiProxy, FortiVoice, FortiWeb, and FortiSwitch. The vulnerabilities include improper log handling, unverified password changes, and weak credential protection. The company has released patches and strategies to protect users from possible exploitation. Insufficiently Protected Credentials Vulnerability in FortiOS: A …

Microsoft’s April security update, released on Tuesday, addressed 121 vulnerabilities, marking the largest patch for the year. Despite a high number of bulletins, Microsoft addressed only one zero-day flaw this month, down from seven last month. It remains a top priority for IT to patch. CVE-2025-29824 is a privilege escalation …

The spoofing vulnerability, CVE-2025-30401, impacts all WhatsApp Desktop versions for Windows before 2.2450.6, posing a risk to users dealing with attachments on the platform. According to the official security advisory, the application “displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename …

GreyNoise has detected a sharp increase in login scanning aimed at Palo Alto Networks PAN-OS GlobalProtect portals. In the past 30 days, nearly 24,000 unique IP addresses have tried to access these portals. This indicates a coordinated attempt to test network defenses and find vulnerable systems, possibly as a step …

Canon has announced a critical security vulnerability, CVE-2025-1268, in printer drivers for its production printers, multifunction printers, and laser printers. This out-of-bounds issue may disrupt printing or allow malicious code execution when processed by a harmful application. The affected printer drivers include several versions of Canon’s Generic Plus drivers: Generic …

Cybersecurity researcher Jeremiah Fowler recently revealed a sensitive data exposure involving the Australian fintech company Vroom by YouX, previously known as Drive IQ. Fowler, in a report to Website Planet, found an unsecured Amazon S3 bucket with 27,000 records. This database contained sensitive personal information, such as driver’s licenses, medical …