Google released a security advisory to address a zero-day vulnerability tracked as CVE-2025-4664. CVE-2025-4664 is an insufficient policy enforcement in Loader. The vulnerability could allow attackers to bypass security policies within Chrome’s Loader logic, potentially leading to unauthorized code execution or sandbox escape. Google mentioned in the advisory that they are aware of the reports … Continue reading “Google Releases Fix for Zero-day Vulnerability in Chrome (CVE-2025-4664)”
Tag: Exploited in the Wild
Apache Tomcat Remote Code Execution Vulnerability Exploited in the Wild (CVE-2025-24813)
Attackers started exploitation of Apache Tomcat vulnerability just 30 hours after its proof of concept was made public. Tracked as CVE-2025-24813, the vulnerability may allow an unauthorized attacker to view sensitive files or inject arbitrary content into those files utilizing a PUT request. The vulnerability originates from the use of a partial PUT used, a … Continue reading “Apache Tomcat Remote Code Execution Vulnerability Exploited in the Wild (CVE-2025-24813)”
Apple Addressed WebKit Zero-day Vulnerability Impacting iOS Devices (CVE-2025-24201)
Apple released fixes for an actively exploited vulnerability in attacks against iOS devices. Tracked as CVE-2025-24201, the vulnerability also affects macOS Sequoia and Safari web browser. The out-of-bounds write flaw exists in the WebKit browser engine. An attacker may exploit the vulnerability by maliciously crafted web content to break out of the Web Content sandbox. … Continue reading “Apple Addressed WebKit Zero-day Vulnerability Impacting iOS Devices (CVE-2025-24201)”
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability Exploited in Attacks (CVE-2024-55591)
Fortinet released a security advisory to address a zero-day vulnerability tracked as CVE-2024-55591. The vulnerability has a critical severity rating with a CVSS score of 9.6. Successful exploitation of the vulnerability may allow a remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module. Fortinet mentioned in the advisory that the authentication … Continue reading “Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability Exploited in Attacks (CVE-2024-55591)”
Palo Alto Networks Denial of Service Vulnerability Exploited in the Wild (CVE-2024-3393)
Palo Alto released a security advisory to address an actively exploited vulnerability, tracked as CVE-2024-3393. The vulnerability impacts Palo Alto Networks software (PAN-OS). Successful exploitation of the vulnerability may lead to a Denial of Service (DoS) attack. “Palo Alto Networks is aware of customers experiencing this Denial of Service (DoS) when their firewall blocks malicious … Continue reading “Palo Alto Networks Denial of Service Vulnerability Exploited in the Wild (CVE-2024-3393)”
CISA Added Cleo Vulnerabilities to its Known Exploited Vulnerabilities Catalog (CVE-2024-50623 & CVE-2024-55956)
Cybersecurity & Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities Catalog with two vulnerabilities in Cleo Harmony, VLTrader, and LexiCom. Tracked as CVE-2024-50623 & CVE-2024-55956, successful exploitation of the vulnerability may lead to remote code execution. CISA urged users to patch the vulnerabilities before January 3, 2025 (CVE-2024-50623) and January 7, 2025 (CVE-2024-55956). Cleo … Continue reading “CISA Added Cleo Vulnerabilities to its Known Exploited Vulnerabilities Catalog (CVE-2024-50623 & CVE-2024-55956)”
South Korean Attackers Group Exploits WPS Office Vulnerability (CVE-2024-7262)
APT-C-60, a South Korea-aligned cyber espionage group, has been exploiting a zero-day vulnerability in the Windows version of WPS Office. Attackers exploited the vulnerability to install the SpyGlace backdoor on East Asian targets. Tracked as CVE-2024-7262, the vulnerability allows an attacker to perform remote code execution. ESET (Electronic Systems Engineering Technology) researchers have discovered and … Continue reading “South Korean Attackers Group Exploits WPS Office Vulnerability (CVE-2024-7262)”
Acronis Cyber Infrastructure Critical Vulnerability Exploited in the Wild (CVE-2023-45249)
An authentication bypass vulnerability in the Acronis Cyber Infrastructure is being exploited in the wild. Tracked as CVE-2023-45249, this vulnerability has a critical severity rating and a CVSS score of 9.8. Successful exploitation of the vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on vulnerable systems. An attacker may exploit the vulnerability … Continue reading “Acronis Cyber Infrastructure Critical Vulnerability Exploited in the Wild (CVE-2023-45249)”
Check Point Security Gateways Information Disclosure Vulnerability Exploited in the Wild (CVE-2024-24919)
Check Point warned its customers of a vulnerability impacting its Network Security gateway products. The vulnerability, tracked as CVE-2024-24919, is being exploited in the wild. Successful exploitation of the vulnerability may allow an attacker to read specific information on Internet-connected Gateways with remote access VPN or mobile access enabled. CISA acknowledged the active exploitation of … Continue reading “Check Point Security Gateways Information Disclosure Vulnerability Exploited in the Wild (CVE-2024-24919)”
