Palo Alto Networks has issued advisories for two critical vulnerabilities in its PAN-OS. The vulnerabilities, CVE-2025-0108 and CVE-2025-0110, may enable attackers to bypass authentication and run arbitrary commands.
CVE-2025-0108: Authentication Bypass Vulnerability
A vulnerability in the PAN-OS management web interface (CVSSv3.1 score 7.8) allows unauthenticated attackers with network access to …
CVE-2025-0108 & CVE-2025-0110
Update Now
Ivanti Patches 3 Critical Flaws in Connect Secure and Policy Secure
Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to fix several vulnerabilities, including three critical issues. The company learned of the flaws through its responsible disclosure program, via CISA, Akamai, and the HackerOne bug bounty platform. Ivanti’s security bulletin …
CVE-2025-24016
Critical RCE Vulnerability Discovered in Wazuh Server
Wazuh, a top provider of open-source security solutions, has released a critical security advisory for a remote code execution (RCE) vulnerability (CVE-2025-24016) with a CVSS score of 9.9. This flaw could enable attackers to take full control of affected Wazuh servers. Wazuh is a popular platform for threat prevention, detection, …
Patch Now
SonicWall firewall vuln allows hackers to hijack VPN sessions
Bishop Fox security researchers have released detailed information on the CVE-2024-53704 vulnerability, which lets attackers bypass authentication in some versions of the SonicOS SSLVPN application. On January 7, the vendor warned about the risk of exploitation of a flaw and advised administrators to upgrade their SonicOS firewalls’ firmware to fix …
U.K. orders Apple to let it spy on users’ encrypted accounts: Report
Britain’s security officials have ordered that Apple create a so-called ‘back door’ allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud, The Washington Post reported on Friday citing people familiar with the matter. Rather than break the security promises it made to its …
(CVE-2024-21413), (CVE-2025-0411)
Microsoft Outlook and 7-Zip Vuln actively exploited; CISA Warns
A critical vulnerability (CVE-2025-0411) in the file archiving tool 7-Zip is being actively exploited, mainly targeting Ukrainian organizations. It has been included in CISA’s database of known exploited vulnerabilities. This flaw lets attackers bypass Windows’ Mark-of-the-Web (MoTW) security, allowing them to run malicious code. CISA has added CVE-2025-0411, a critical …
Hacker Claims 20 Million OpenAI Logins for sale
A threat actor has reportedly acquired login details, including passwords and email addresses, for 20 million OpenAI accounts. A GBHackers report states that an underground forum user claimed to be selling a sample of the data and the full batch for a low price. The authenticity of these claims is unverified, but the situation …
OPA Gatekeeper Bypass Unveils Risks in Kubernetes Policy Engines
A recent Aqua Security report highlights major security risks in Kubernetes policy enforcement, especially with Open Policy Agent (OPA) Gatekeeper. Although OPA Gatekeeper is commonly used for security policies in Kubernetes, researchers found methods to bypass its controls due to frequent misconfigurations and weak policies. According to the report, “Implementing …
(CVE-2025-23419)
F5 Warns of TLS Session Resumption Vulnerability in NGINX
F5 has warned of a vulnerability in NGINX, the widely used web server software. The issue, known as CVE-2025-23419, could let attackers bypass client certificate authentication and gain unauthorized access to sensitive resources. When name-based virtual hosts are configured to share the same IP address and port combination, with TLS …
Ransomware payments statistics for 2024, a drop of 35%
Ransomware payments dropped by 35% last year compared to 2023, despite an increase in the number of attacks, according to a new report from Chainalysis. Despite claims from cybersecurity firms that ransomware activity peaked in 2024, there has been a significant drop in extortion payments. Chainalysis also noted in its …