Aggregator

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation, as confirmed by Fortinet.

• CVE-2025-24085 Apple Multiple Products Use-After-Free Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Government agencies and privacy watchdogs have started investigating the Chinese AI chatbot provider over data privacy concerns

A proof-of-concept (PoC) exploit for the actively exploited Windows Common Log File System (CLFS) vulnerability, tracked as CVE-2024-49138 has been released. This vulnerability, which Microsoft patched on December 10, 2024, with update KB5048685 for Windows 11 versions 23H2 and 22H2, has already been exploited in the wild.  Security researchers and organizations are now closely analyzing […]

The post PoC Exploit Released for Actively Exploited Windows CLFS Buffer Overflow appeared first on Cyber Security News.

A proof-of-concept (PoC) exploit for the actively exploited Windows Commo

Threat Detection / Artificial IntelligenceCurious about the buzz around AI in cybersecurity? Wonde

Curious about the buzz around AI in cybersecurity? Wonder if it's just a shiny new toy in the tech world or a serious game changer? Let's unpack this together in a not-to-be-missed webinar that goes beyond the hype to explore the real impact of AI on cybersecurity. Join Ravid Circus, a seasoned pro in cybersecurity and AI, as we peel back the layers of AI in cybersecurity through a revealing

A vulnerability has been found in Zoho ManageEngine Applications Manager up to 174000 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to incorrect authorization. This vulnerability is known as CVE-2024-41140. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in badhonrocks Divi Torque Lite Plugin up to 4.1.0 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2025-0353. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in sovica Target Video Easy Publish Plugin up to 3.8.3 on WordPress. This issue affects the function brid_override_yt of the component Shortcode Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-13561. The attack may be initiated remotely. There is no exploit available.

Специалисты разгадали механику опасной и опытной группировки.

In this article, we shall explore different tools & techniques that help us enumera

Currently trending CVE - hypeScore: 3 - A logic issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.7.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, macOS Sonoma 14.7.2, macOS Sequoia 15.2. Photos in the Hidden Photos Album may be viewed without authentication.

Сервис помогал мошенникам обворовывать банки.

Akamai’s Security Intelligence and Response Team (SIRT) has uncovered a novel variant of the Mirai-based botnet malware, dubbed Aquabotv3, actively targeting Mitel SIP phones via a critical vulnerability. This marks the third observed iteration of Aquabot, which now showcases unique capabilities not previously seen in Mirai derivatives. The malware exploits CVE-2024-41710, a command injection vulnerability […]

The post New Aquabot Malware Actively Exploiting Mitel SIP phones injection vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability classified as problematic was found in Trellix HX Console 5.1.1. This vulnerability affects unknown code of the component Data Handler. The manipulation leads to xml entity expansion. This vulnerability was named CVE-2025-0617. The attack can be initiated remotely. There is no exploit available.

Researchers have uncovered new developments in SparkRAT operations, shedding light on its persistent use in malicious campaigns targeting macOS users and government organizations. The findings, detailed in a recent report, underscore the evolving tactics of threat actors leveraging SparkRAT’s modular framework and cross-platform capabilities across Windows, macOS, and Linux. SparkRAT’s Communication Originally released on GitHub […]

The post Hackers Attacking Windows, macOS, and Linux systems With SparkRAT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.