SimpleHelp Remote Monitoring and Management Multiple Vulnerabilities (CVE-2024-57726, CVE-2024-57727, & CVE-2024-57728)

SimpleHelp remote monitoring and management software is vulnerable to three security flaws that can lead to information disclosure, privilege escalation, and remote code execution. Tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, the vulnerabilities were disclosed by Horizon3.ai last month. The vulnerabilities made the news when it was observed that threat actors were exploiting them to …

Cisco Releases Fixes for Identity Services Engine (ISE) Vulnerabilities (CVE-2025-20124 & CVE-2025-20125)

Cisco Identity Services Engine (ISE) is vulnerable to two critical security flaws tracked as CVE-2025-20124 & CVE-2025-20125. Successful exploitation of the vulnerabilities may allow an authenticated, remote attacker to execute arbitrary commands and elevate privileges on an affected device. An attacker must have valid read-only administrative credentials to successfully exploit the vulnerabilities.

Apple Fixes Actively Exploited Zero-day Vulnerability (CVE-2025-24085)

Apple released a security update to address a zero-day vulnerability, tracked as CVE-2025-24085. The security updates addressed 33 vulnerabilities impacting multiple products such as macOS Sonoma, macOS Ventura, macOS Sequoia, Safari, iOS, and iPadOS. CVE-2025-24085: The use-after-free vulnerability exists in the CoreMedia component of macOS Sequoia, iOS, and iPadOS. Successful exploitation of the vulnerability …

Oracle Critical Patch Update, January 2025 Security Update Review

Oracle released the first quarterly edition of this year’s Critical Patch Update, which contains patches for 318 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products. In this quarterly Oracle Critical Patch Update, Oracle Communications …

Ivanti Released Updates for Ivanti Endpoint Manager (EPM)

Ivanti has addressed multiple critical and high severity vulnerabilities in its security advisory. Ivanti addressed 16 vulnerabilities impacting the Ivanti Endpoint Manager (EPM). Successful exploitation of the vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code, elevate privileges, and cause denial of service. Ivanti mentioned in the advisory that there is no proof of …

Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability Exploited in Attacks (CVE-2024-55591)

Fortinet released a security advisory to address a zero-day vulnerability tracked as CVE-2024-55591. The vulnerability has a critical severity rating with a CVSS score of 9.6. Successful exploitation of the vulnerability may allow a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module. Fortinet mentioned in the advisory that the authentication …

Microsoft Patch Tuesday, January 2025 Security Update Review

Happy New Year! As the calendar turns to January 2025, Microsoft’s first Patch Tuesday of 2025 has arrived. From zero-days to critical vulnerabilities, here’s what deserves your attention. Here’s a breakdown of what’s been patched. Microsoft’s Patch Tuesday, January 2025 edition addressed 159 vulnerabilities, including 10 critical and 149 important severity vulnerabilities. In this month’s …

Ivanti Zero-day Vulnerability Impacts Connect Secure and Policy Secure (CVE-2025-0282)

Ivanti released a security advisory to address critical and high severity vulnerabilities on January 8, 2025. Tracked as CVE-2025-0282 and CVE-2025-0283, the vulnerabilities may allow remote unauthenticated attackers to achieve remote code execution or local authenticated attackers to escalate their privileges on a targeted system. Ivanti mentioned in the advisory that “a limited number of customers …

CISA Warns of Mitel MiCollab Vulnerabilities Active Exploitation (CVE-2024-41713 & CVE-2024-55550)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities Catalog by adding two Mitel MiCollab vulnerabilities. Tracked as CVE-2024-41713 and CVE-2024-55550, the vulnerabilities may allow a remote unauthenticated attacker to bypass authentication and view/modify sensitive data. CVE-2024-41713 could be chained with CVE-2024-55550 to allow an unauthenticated, remote attacker to read arbitrary …

WordPress UpdraftPlus Plugin Vulnerability Impacts Millions of Websites (CVE-2024-10957)

The WordPress UpdraftPlus plugin is vulnerable to a high-severity PHP object injection vulnerability. Tracked as CVE-2024-10957, the vulnerability may allow an unauthenticated attacker to delete arbitrary files, retrieve sensitive data, or execute code. According to WordPress, more than 3 million websites worldwide use the plugin.