The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently acknowledged the active exploitation of a vulnerability impacting Apple iOS and iPadOS devices. Tracked as CVE-2025-24200, the vulnerability may allow attackers to execute code on target systems. CISA added the vulnerability to its Known Exploited Vulnerabilities Catalog, urging users to patch the flaw before March … Continue reading “CISA Added Apple iOS Zero-day Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2025-24200)”
Tag: CISA Known Exploitable Vulnerabilities Catalog
Microsoft Patch Tuesday, February 2025 Security Update Review
As the second Patch Tuesday of 2025 arrives, Microsoft has released crucial updates to strengthen cybersecurity defenses. Let’s explore the highlights and what they mean for users. Microsoft Patch’s Tuesday, February 2025 edition addressed 67 vulnerabilities, including three critical and 53 important severity vulnerabilities. In this month’s updates, Microsoft has addressed four zero-day vulnerabilities, two … Continue reading “Microsoft Patch Tuesday, February 2025 Security Update Review”
SimpleHelp Remote Monitoring and Management Multiple Vulnerabilities (CVE-2024-57726, CVE-2024-57727, & CVE-2024-57728)
SimpleHelp remote monitoring and management software is vulnerable to three security flaws that can lead to information disclosure, privilege escalation, and remote code execution. Tracked as CVE-2024-57726, CVE-2024-57727, & CVE-2024-57728, the vulnerabilities were disclosed by Horizon3.ai last month. The vulnerabilities came into the news when it was observed that threat actors were exploiting them to … Continue reading “SimpleHelp Remote Monitoring and Management Multiple Vulnerabilities (CVE-2024-57726, CVE-2024-57727, & CVE-2024-57728)”
Apple Fixes Actively Exploited Zero-day Vulnerability (CVE-2025-24085)
Apple released a security update to address a zero-day vulnerability, tracked as CVE-2024-24085. The security updates addressed 33 vulnerabilities impacting multiple products such as macOS Sonoma, macOS Ventura, macOS Sequoia, Safari, iOS, and iPadOS. CVE-2025-24085 The use after free vulnerability exists in the CoreMedia component of macOS Sequoia, iOS, and iPadOS. Successful exploitation of the vulnerability … Continue reading “Apple Fixes Actively Exploited Zero-day Vulnerability (CVE-2025-24085)”
Ivanti Released Updates for Ivanti Endpoint Manager (EPM)
Ivanti has addressed multiple critical and high severity vulnerabilities in its security advisory. Ivanti addressed 16 vulnerabilities impacting the Ivanti Endpoint Manager (EPM). Successful exploitation of the vulnerabilities may allow a remote, unauthenticated attacker to execute arbitrary code, elevation of privileges, and denial of service. Ivanti mentioned in the advisory that there is no proof of … Continue reading “Ivanti Released Updates for Ivanti Endpoint Manager (EPM)”
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability Exploited in Attacks (CVE-2024-55591)
Fortinet released a security advisory to address a zero-day vulnerability tracked as CVE-2024-55591. The vulnerability has a critical severity rating with a CVSS score of 9.6. Successful exploitation of the vulnerability may allow a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module. Fortinet mentioned in the advisory that the authentication … Continue reading “Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability Exploited in Attacks (CVE-2024-55591)”
Microsoft Patch Tuesday, January 2025 Security Update Review
Happy New Year! As the calendar turns to January 2025, Microsoft’s first Patch Tuesday of 2025 has arrived. From zero-days to critical vulnerabilities, here’s what deserves your attention. Here’s a breakdown of what’s been patched. Microsoft Patch’s Tuesday, January 2025 edition addressed 159 vulnerabilities, including 10 critical and 149 important severity vulnerabilities. In this month’s … Continue reading “Microsoft Patch Tuesday, January 2025 Security Update Review”
CISA Warns of Mitel MiCollab Vulnerabilities Active Exploitation (CVE-2024-41713 & CVE-2024-55550)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) updates its Known Exploited Vulnerabilities Catalog by adding two Mitel MiCollab vulnerabilities. Tracked as CVE-2024-41713 and CVE-2024-55550, the vulnerabilities may allow a remote unauthenticated attacker to bypass authentication and view/modify sensitive data. CVE-2024-41713 could be chained with CVE-2024-55550 to allow an unauthenticated, remote attacker to read arbitrary … Continue reading “CISA Warns of Mitel MiCollab Vulnerabilities Active Exploitation (CVE-2024-41713 & CVE-2024-55550)”
Palo Alto Networks Denial of Service Vulnerability Exploited in the Wild (CVE-2024-3393)
Palo Alto released a security advisory to address an actively exploited vulnerability, tracked as CVE-2024-3393. The vulnerability impacts Palo Alto Networks software (PAN-OS). Successful exploitation of the vulnerability may lead to a Denial of Service (DoS) attack. “Palo Alto Networks is aware of customers experiencing this Denial of Service (DoS) when their firewall blocks malicious … Continue reading “Palo Alto Networks Denial of Service Vulnerability Exploited in the Wild (CVE-2024-3393)”
CISA Added Cleo Vulnerabilities to its Known Exploited Vulnerabilities Catalog (CVE-2024-50623 & CVE-2024-55956)
Cybersecurity & Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities Catalog with two vulnerabilities in Cleo Harmony, VLTrader, and LexiCom. Tracked as CVE-2024-50623 & CVE-2024-55956, successful exploitation of the vulnerability may lead to remote code execution. CISA urged users to patch the vulnerabilities before January 3, 2025 (CVE-2024-50623) and January 7, 2025 (CVE-2024-55956). Cleo … Continue reading “CISA Added Cleo Vulnerabilities to its Known Exploited Vulnerabilities Catalog (CVE-2024-50623 & CVE-2024-55956)”
