Microsoft Patch Tuesday February 2025 – 61 Vulnerabilities Fixed, 3 Zero-Day’s Actively Exploited
Microsoft released a security update as part of the February Patch Tuesday that addressed 61 vulnerabilities, including 25 classified as critical Remote Code Execution (RCE) vulnerabilities, including 3 zero-day vulnerabilities that were actively exploited...
Fortinet Addresses Multiple Vulnerabilities in Major Security Update
Fortinet has rolled out critical security updates to address multiple high-risk flaws across its product portfolio, including FortiOS, FortiProxy, FortiManager, and FortiAnalyzer.
Fortinet warns of an already patched zero-day flaw (CVE-2024-55591 & new CVE-2025-24472), which...
FortiOS Security Fabric Vulnerability Let Attackers Escalate Privileges to Super-admin
Fortinet has addressed a critical security flaw in its FortiOS Security Fabric that could allow authenticated administrators to elevate privileges to the super-admin level by connecting vulnerable devices to malicious upstream FortiGate systems.
Tracked...
Critical Ivanti CSA Vulnerability Let Attackers Execute Arbitrary Code Remotely
Ivanti has issued critical updates for its Cloud Services Application (CSA) to address two significant vulnerabilities, one of which could allow attackers to execute arbitrary code remotely.
The vulnerabilities, identified as CVE-2024-47908 and CVE-2024-11771, affect...
Researcher Details Fortinet FortiOS Vulnerabilities Allowing DoS & RCE Attacks
A security audit of Fortinet's FortiOS VPN conducted by Akamai researcher Ben Barnea has uncovered multiple vulnerabilities that could enable attackers to launch denial-of-service (DoS) attacks and potentially execute remote code (RCE).
The findings, responsibly...
LibreOffice Vulnerability Let Attackers Execute Arbitrary Script Using Macro URL
A critical security vulnerability in LibreOffice tracked as CVE-2025-1080, has exposed millions of users to potential remote code execution attacks through manipulated macro URLs.
Patched in versions 24.8.5 and 25.2.1 released on March 4, 2025,...
41,500+ VMware ESXi Instances Vulnerable to Code Execution Attacks
Shadowserver observed that 41,500+ internet-exposed VMware ESXi hypervisors as of March 4, 2025, are vulnerable to CVE-2025-22224, a critical zero-day vulnerability actively exploited in attacks.
Broadcom patched the vulnerability in an emergency update. It...
WordPress Plugin Vulnerability Exposes 10,000 Sites to Code Execution Attacks
A critical security flaw in the GiveWP Donation Plugin tracked as CVE-2025-0912, has exposed over 100,000 WordPress websites to unauthenticated remote code execution (RCE) attacks.
The vulnerability, scoring a maximum CVSS 9.8 (Critical) severity rating,...
Cisco Webex for BroadWorks Vulnerability Let Remote Attackers Access Data & Credentials
A newly disclosed vulnerability in Cisco Webex for BroadWorks Release 45.2 enables remote attackers to intercept sensitive credentials and user data when Session Initiation Protocol (SIP) communications lack encryption.
This vulnerability, rated as low severity...
Fluent Bit 0-day Vulnerabilities Exposes Billions of Production Environments to Cyber Attacks
Researchers uncovered critical zero-day vulnerabilities in Fluent Bit, a ubiquitous logging utility embedded in cloud infrastructure across major providers like AWS, Google Cloud, and Microsoft Azure.
The flaws tracked as CVE-2024-50608 and CVE-2024-50609 (CVSS 8.9),...
Recent Posts
Building A Unified Security Strategy: Integrating Digital Forensics, XDR, And EDR...
In the rapidly evolving world of cybersecurity, organizations are confronted with increasingly sophisticated threats that demand a coordinated and multi-layered defense approach.
The days of...