Security researchers at Bishop Fox released a PoC for a vulnerability impacting SonicWall SonicOS. Tracked as CVE-2024-53704, the vulnerability has a critical severity rating with a CVSS score of 9.8. Successful exploitation of the vulnerability may allow a remote attacker to bypass authentication and retrieve the session cookie for a logged-in user, leading to session … Continue reading “CISA Added SonicWall SonicOS Authentication Bypass Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2024-53704)”
Palo Alto Networks (PAN-OS) Authentication Bypass Vulnerability (CVE-2025-0108)
Palo Alto released a security advisory to address a high severity impacting PAN-OS. Tracked as CVE-2025-0108, the vulnerability may allow an attacker to bypass the PAN-OS management web interface authentication and invoke PHP scripts. An attacker with network access to the PAN-OS management web interface may exploit the vulnerability.
Ivanti February Security Updates Addresses Multiple Vulnerabilities in Popular Products
Ivanti released its security updates for February, addressing various critical and high severity vulnerabilities. The vulnerabilities impact Ivanti products such as Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Cloud Services Application (CSA), and Ivanti Secure Access Client (ISAC). The advisory addressed 10 vulnerabilities that can lead to remote code execution, privilege escalation, and more. … Continue reading “Ivanti February Security Updates Addresses Multiple Vulnerabilities in Popular Products”
CISA Added Apple iOS Zero-day Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2025-24200)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently acknowledged the active exploitation of a vulnerability impacting Apple iOS and iPadOS devices. Tracked as CVE-2025-24200, the vulnerability may allow attackers to execute code on target systems. CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch the flaw before March … Continue reading “CISA Added Apple iOS Zero-day Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2025-24200)”
Microsoft Patch Tuesday, February 2025 Security Update Review
As the second Patch Tuesday of 2025 arrives, Microsoft has released crucial updates to strengthen cybersecurity defenses. Let’s explore the highlights and what they mean for users. Microsoft Patch’s Tuesday, February 2025 edition addressed 67 vulnerabilities, including three critical and 53 important severity vulnerabilities. In this month’s updates, Microsoft has addressed four zero-day vulnerabilities, two … Continue reading “Microsoft Patch Tuesday, February 2025 Security Update Review”
Zimbra Collaboration Suite (ZCS) SQL Injection Vulnerability (CVE-2025-25064)
Zimbra released a security advisory to address a security vulnerability in the Zimbra Collaboration Suite (ZCS). Tracked as CVE-2025-25064, the vulnerability has a critical severity rating with a CVSS score of 9.8. Successful exploitation of the vulnerability may allow attackers to gain unauthorized access to sensitive data and internal network resources.
SimpleHelp Remote Monitoring and Management Multiple Vulnerabilities (CVE-2024-57726, CVE-2024-57727, & CVE-2024-57728)
SimpleHelp remote monitoring and management software is vulnerable to three security flaws that can lead to information disclosure, privilege escalation, and remote code execution. Tracked as CVE-2024-57726, CVE-2024-57727, & CVE-2024-57728, the vulnerabilities were disclosed by Horizon3.ai last month. The vulnerabilities came into the news when it was observed that threat actors were exploiting them to … Continue reading “SimpleHelp Remote Monitoring and Management Multiple Vulnerabilities (CVE-2024-57726, CVE-2024-57727, & CVE-2024-57728)”
Cisco Releases Fixes for Identity Services Engine (ISE) Vulnerabilities (CVE-2025-20124 & CVE-2025-20125)
Cisco Identity Services Engine (ISE) is vulnerable to two critical security flaws tracked as CVE-2025-20124 & CVE-2025-20125. Successful exploitation of the vulnerabilities may allow an authenticated, remote attacker to execute arbitrary commands and elevate privileges on an affected device. An attacker must have valid read-only administrative credentials to successfully exploit the vulnerabilities.
Apple Fixes Actively Exploited Zero-day Vulnerability (CVE-2025-24085)
Apple released a security update to address a zero-day vulnerability, tracked as CVE-2024-24085. The security updates addressed 33 vulnerabilities impacting multiple products such as macOS Sonoma, macOS Ventura, macOS Sequoia, Safari, iOS, and iPadOS. CVE-2025-24085 The use after free vulnerability exists in the CoreMedia component of macOS Sequoia, iOS, and iPadOS. Successful exploitation of the vulnerability … Continue reading “Apple Fixes Actively Exploited Zero-day Vulnerability (CVE-2025-24085)”
Oracle Critical Patch Update, January 2025 Security Update Review
Oracle released its first quarterly edition of this year’s Critical Patch Update, which received patches for 318 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products. In this quarterly Oracle Critical Patch Update, Oracle Communications … Continue reading “Oracle Critical Patch Update, January 2025 Security Update Review”
