March 2025 Patch Tuesday is here, and Microsoft has rolled out critical security updates that address multiple vulnerabilities across its product suite. Here’s a quick breakdown of what you need to know. Microsoft’s Patch Tuesday, March 2025 edition, addressed 67 vulnerabilities, including six critical and 51 important severity vulnerabilities. In this month’s updates, Microsoft has … Continue reading “Microsoft Patch Tuesday, March 2025 Security Update Review”
Apache Camel Message Header Injection Vulnerability (CVE-2025-27636)
Apache released a security advisory to address a security vulnerability impacting Apache Camel. Tracked as CVE-2025-27636, the vulnerability allows attackers to inject headers, which can be exploited to invoke arbitrary methods from the Bean registry.
VMware ESXi, Workstation, and Fusion Vulnerabilities Added to CISA KEV (CVE-2025-22224, CVE-2025-22225, & CVE-2025-22226)
Broadcom released a security advisory to address three vulnerabilities impacting VMware ESXi, Workstation, and Fusion. Tracked as CVE-2025-22224, CVE-2025-22225, & CVE-2025-22226, the vulnerabilities are being exploited in the wild. Security researchers at Microsoft Threat Intelligence Center discovered and reported the vulnerabilities to Broadcom. CISA added the vulnerabilities to its Known Exploited Vulnerabilities Catalog, urging users …
CISA Added Cisco, Hitachi, Microsoft, and Progress WhatsUp Vulnerabilities to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns about the active exploitation of five vulnerabilities impacting software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold. CISA added the vulnerabilities to its Known Exploited Vulnerabilities Catalog, urging users to patch the flaws before March 24, 2025.
Mattermost Releases Fixes for Critical Vulnerabilities (CVE-2025-25279, CVE-2025-20051, & CVE-2025-24490)
Mattermost has addressed three critical security vulnerabilities impacting its Boards plugin. The vulnerabilities are tracked as CVE-2025-20051, CVE-2025-24490, and CVE-2025-25279. Successful exploitation of the vulnerabilities may allow attackers to read arbitrary files on the system and execute SQL injection attacks.
Fluent Bit Denial of Service Vulnerabilities (CVE-2024-50608 & CVE-2024-50609)
Security researchers at Ebryx discovered two security flaws impacting Fluent Bit. Tracked as CVE-2024-50608 & CVE-2024-50609, the vulnerabilities may allow a remote unauthenticated attacker to crash Fluent Bit and cause Denial of Service.
CISA Added SonicWall SonicOS Authentication Bypass Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2024-53704)
Security researchers at Bishop Fox released a PoC for a vulnerability impacting SonicWall SonicOS. Tracked as CVE-2024-53704, the vulnerability has a critical severity rating with a CVSS score of 9.8. Successful exploitation of the vulnerability may allow a remote attacker to bypass authentication and retrieve the session cookie for a logged-in user, leading to session …
Palo Alto Networks (PAN-OS) Authentication Bypass Vulnerability (CVE-2025-0108)
Palo Alto released a security advisory to address a high-severity vulnerability impacting PAN-OS. Tracked as CVE-2025-0108, the vulnerability may allow an attacker to bypass the PAN-OS management web interface authentication and invoke PHP scripts. An attacker with network access to the PAN-OS management web interface may exploit the vulnerability.
Ivanti February Security Updates Addresses Multiple Vulnerabilities in Popular Products
Ivanti released its security updates for February, addressing various critical and high severity vulnerabilities. The vulnerabilities impact Ivanti products such as Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), Cloud Services Application (CSA), and Ivanti Secure Access Client (ISAC). The advisory addressed 10 vulnerabilities that can lead to remote code execution, privilege escalation, and more. …
CISA Added Apple iOS Zero-day Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2025-24200)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently acknowledged the active exploitation of a vulnerability impacting Apple iOS and iPadOS devices. Tracked as CVE-2025-24200, the vulnerability may allow attackers to execute code on target systems. CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch the flaw before March …