Vulnerability: Page 5
-
gorodenkoff via Getty Images
Eleven11bot estimates revised downward as researchers point to Mirai variant
The botnet has been involved in DDoS activity targeting telecom companies and gaming platforms.
By David Jones • March 7, 2025 -
anandaBGD via Getty Images
37K+ VMware ESXi instances vulnerable to critical zero-day
Some customers have been unable to download the patches for three VMware zero-day vulnerabilities due to an issue with the Broadcom Support Portal.
By Rob Wright • March 6, 2025 -
Justin Sullivan / Staff via Getty Images
Broadcom urges customers to patch 3 zero-day VMware flaws
Cyberattackers with administrative access are actively exploiting vulnerabilities in ESXi, Workstation and Fusion products.
By Elizabeth Montalbano, Contributing Reporter • March 5, 2025 -
JUN LI via Getty Images
Microsoft-signed driver used in ransomware attacks
Threat actors are exploiting a privilege escalation flaw in Paragon Partition Manager for “bring your own vulnerable driver” (BYOVD) attacks.
By Rob Wright • March 3, 2025 -
Just_Super/Getty Images via Getty Images
Leaked ransomware chat logs reveal Black Basta’s targeted CVEs
Cybercrime group focused on Microsoft vulnerabilities as well as flaws in network edge devices and communications software.
By Rob Wright • Feb. 27, 2025 -
Wirestock via Getty Images
Nearly 3K Ivanti Connect Secure instances vulnerable to critical flaw
U.S. has the most VPNs not yet patched for CVE-2025-22467.
By Rob Wright • Feb. 26, 2025 -
Motortion via Getty Images
More than 400 SonicWall firewall instances remain vulnerable to attack
Researchers previously warned of exploitation attempts after the release of a proof of concept.
By David Jones • Feb. 25, 2025 -
TU IS via Getty Images
Attackers exploiting Cisco vulnerabilities tied to Salt Typhoon campaign
GreyNoise observed exploitation of CVE-2018-0171, which Cisco Talos researchers said was used in a recent attack by the China-backed threat group.
By Rob Wright • Feb. 25, 2025 -
Traitov/iStock/Getty via Getty Images
Palo Alto Networks warns hackers attempting to exploit a file read flaw in firewalls
Threat actors are chaining the CVE with at least one prior flaw to enable the hack attempts.
By David Jones • Feb. 24, 2025 -
David Ryder via Getty Images
Microsoft Power Pages vulnerability exploited in the wild
The high-severity privilege escalation flaw in Microsoft's website building application was disclosed and patched last week.
By Rob Wright • Feb. 24, 2025 -
DKosig via Getty Images
US authorities warn Ghost ransomware leverages older CVEs
The China-linked threat group has targeted critical infrastructure providers in more than 70 countries.
By David Jones • Feb. 20, 2025 -
Hailshadow via Getty Images
Proof-of-concept exploit released for 4 Ivanti vulnerabilities
Critical flaws in Ivanti Endpoint Manager were initially disclosed and patched last month.
By Rob Wright • Updated Feb. 20, 2025 -
Devrimb
SonicWall authentication flaw under threat of active exploitation
Weeks after the company released a patch, researchers warn the CVE is being targeted by threat actors.
By David Jones • Feb. 19, 2025 -
Philip Steury via Getty Images
Phishing campaign targets Microsoft device-code authentication flows
Russian state-sponsored hackers have attacked enterprises and government agencies in North America and overseas.
By Rob Wright • Feb. 18, 2025 -
Matt Kapko/Cybersecurity Dive
Palo Alto Networks warns firewall vulnerability is under active exploitation
The flaw, when chained together with a prior vulnerability, can allow an attacker to gain access to unpatched firewalls.
By David Jones • Feb. 18, 2025 -
Laurence Dutton via Getty Images
FBI, CISA warn hackers abusing buffer overflow CVEs to launch attacks
The agencies are urging manufacturers to shift development practices through the use of memory safe code.
By David Jones • Feb. 13, 2025 -
NicoElNino via Getty Images
China-backed hackers continue cyberattacks on telecom companies
Salt Typhoon threat actors compromised Cisco edge devices by exploiting older vulnerabilities.
By Rob Wright • Feb. 13, 2025 -
Getty Images via Getty Images
VeraCore zero-day vulnerabilities exploited in supply chain attacks
Cybercriminals maintained access to one victim organization for more than four years.
By Rob Wright • Feb. 11, 2025 -
Courtesy of Trimble
CISA warns of hackers targeting vulnerability in Trimble Cityworks to conduct RCE
The software is widely used in projects by local governments, utilities, airports and other facilities.
By David Jones • Feb. 10, 2025 -
hapabapa via Getty Images
Microsoft warns 3K exposed ASP.NET machine keys at risk of weaponization
An unknown threat actor recently used an exposed key for code injection cyberattacks.
By Rob Wright • Feb. 7, 2025 -
miniseries via Getty Images
AI agents spark interest, concern for businesses in 2025
Leaders have high hopes for autonomous capabilities, but adding the technology will raise the stakes for security and governance.
By Lindsey Wilkinson • Feb. 6, 2025 -
gorodenkoff via Getty Images
Exploitation of vulnerability in Zyxel CPE targets legacy routers
Zyxel urged users to replace their old devices with modern, supported versions.
By David Jones • Feb. 4, 2025 -
Just_Super via Getty Images
State-linked hackers deploy macOS malware in fake job interview campaign
Actors linked to North Korea bypassed Apple security using malware called FlexibleFerret.
By Robert Wright, Contributing Reporter • Feb. 4, 2025 -
.shock via Getty Images
The cybersecurity outlook for 2025
Threat actors are exploiting known weak points and enterprises’ dependency across the tech stack. It’s making cybersecurity professionals’ jobs harder than ever before.
By Cybersecurity Dive Staff • Feb. 3, 2025 -
Sarah Silbiger via Getty Images
FDA, CISA warn about vulnerabilities in patient health monitors
Vulnerabilities in certain Contec and Epsimed patient monitors can allow people to gain access and potentially manipulate the devices, the FDA warned.
By Nick Paul Taylor • Jan. 31, 2025
Previous
