On February 13, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued 20 advisories about serious vulnerabilities in Industrial Control Systems (ICS) and medical devices. These disclosures aim to tackle increasing cyber threats to critical infrastructure and operational technology (OT). The advisories cover vulnerabilities in products from various manufacturers, including …
Read More »Intel Patched 374 Vulnerabilities in multiple products
In 2024, Intel addressed a remarkable 374 vulnerabilities across its software, firmware, and hardware products, distributing bug bounty rewards for approximately half of these issues. Intel’s latest product security report reveals that the highest number of resolved bugs last year (272) were in utilities (146), drivers (68), applications (35), SDKs …
Read More »Microsoft 2025 February Patch Tuesday fixes 2 zero-days, 55 flaws
Microsoft’s February 2025 Patch Tuesday includes security updates for 55 vulnerabilities, including four zero-days, two of which are currently being exploited. This Patch Tuesday addresses three critical remote code execution vulnerabilities. The number of bugs in each vulnerability category is listed below: 19 Elevation of Privilege Vulnerabilities 2 Security Feature …
Read More »SAP Security Patch February 2025: Multi Vulns Addressed
SAP has issued new security patches for 19 vulnerabilities and updated 2 previous Security Notes. This Patch Day features fixes for various issues, including a high-risk authorization flaw in SAP BusinessObjects Business Intelligence. The critical vulnerability (CVE-2025-0064, CVSS 8.7) enables an attacker with admin rights to impersonate any user in …
Read More »
CVE-2024-52875
Over 12,000 Firewall Vulnerable to 1-Click RCE Exploit
Over 1,200 firewall instances are vulnerable to a critical remote code execution issue, known as CVE-2024-52875. The vulnerability is found in several unauthenticated web interface paths, including /nonauth/addCertException.cs, /nonauth/guestConfirm.cs, and /nonauth/expiration.cs. These pages do not adequately sanitize user input from the dest GET parameter, allowing attackers to inject line feed …
Read More »
CVE-2025-24200
Apple releases update of zero-day vuln exploited in the Wild
Apple has issued emergency security updates to fix a zero-day vulnerability, CVE-2025-24200, which is being exploited in targeted attacks on iPhone and iPad users. The vulnerability lets attackers turn off USB Restricted Mode on a locked device, risking unauthorized access to sensitive data. Apple is aware that this issue may …
Read More »Zimbra Releases Updates for SQL Injection, XSS, and SSRF Vulns
Zimbra has released updates for its Collaboration software to fix critical security flaws that could lead to information disclosure if exploited. CVE-2025-25064 is a critical vulnerability with a CVSS score of 9.8. It is an SQL injection issue in the ZimbraSync Service SOAP endpoint, affecting versions before 10.0.12 and 10.1.4. …
Read More »Cisco Patches Critical Identity Services Engine (ISE) Vulnerabilities
Cisco has updated its Identity Services Engine (ISE) to fix two critical security flaws that could let remote attackers execute arbitrary commands and gain elevated privileges on affected devices. The vulnerabilities are listed below: CVE-2025-20124 (CVSS score: 9.9): A vulnerability in a Cisco ISE API that allows an authenticated attacker …
Read More »Paragon spyware targeted victims in dozens of European countries: Italy says
WhatsApp revealed that seven Italians, along with victims from over a dozen other European countries, were targeted by spyware in a widespread hacking campaign, according to the Italian government. Italy’s cybersecurity agency, Agenzia per la Cybersicurezza Nazionale (ANC), is investigating alleged hacking attempts by Paragon Solutions, according to a statement …
Read More »Sophisticated malware attack on Indian Banks; Exposes 50,000 users
The zLabs research team found a mobile malware campaign with nearly 900 malware samples aimed at Indian bank users. Analysis shows shared code, interfaces, and logos, indicating a single group behind the attacks on Android devices. Zimperium’s detection engine successfully identified these as Trojan Bankers targeting Indian financial institutions. This …
Read More »