Attackers exploit zero-day vulnerability in Zyxel CPE devices

Researchers say the manufacturer has yet to publicly disclose or patch the flaw.

By David Jones • Jan. 29, 2025

SonicWall SMA 1000 series appliances left exposed on the internet

The company last week confirmed attackers are actively exploiting a critical vulnerability in the devices. 

By David Jones • Jan. 28, 2025

Network security tool defects are endemic, eroding enterprise defense

When malicious hackers exploit vulnerabilities in firewalls, VPNs and routers, it’s not the vendors that get hit — it’s their customers.

By Matt Kapko • Jan. 28, 2025

SonicWall warns hackers targeting critical vulnerability in SMA 1000 series appliances

Researchers from Microsoft Threat Intelligence alerted the company to suspected threat activity.

By David Jones • Jan. 27, 2025

Attackers lodge backdoors into Ivanti Connect Secure devices

Shadowserver scans found 379 compromised Ivanti Connect Secure devices. Researchers said the situation is serious and likely impacts more organizations.

By Matt Kapko • Jan. 24, 2025

Blue Yonder investigating Clop ransomware threat linked to exploited Cleo CVEs

The financially-motivated hacker was previously linked to the mass exploitation of critical vulnerabilities in MOVEit file-transfer software.

By David Jones • Jan. 17, 2025

CISA pins modest security gains to performance goals program

The federal agency said the number of critical infrastructure organizations enrolled in its vulnerability scanning program nearly doubled since 2022.

By Matt Kapko • Jan. 14, 2025

CISA adds second BeyondTrust CVE to known exploited vulnerabilities list

Federal authorities are still working with the company to investigate a hack of Treasury Department workstations, but have not yet explained the CVEs’ specific roles in the attacks.

By David Jones • Jan. 14, 2025

Ivanti zero-day has researchers scrambling

Threat hunters are on high alert as 900 Ivanti Connect Secure instances remain unpatched and vulnerable to exploitation, according to Shadowserver.

By Matt Kapko • Jan. 13, 2025

Ivanti customers confront new zero-day with suspected nation-state nexus

The latest attacks come one year after a threat group exploited a pair of zero-days in the same Ivanti product.

By Matt Kapko • Jan. 9, 2025

CISA says hack targeting Treasury Department did not impact other federal agencies

BeyondTrust says an investigation of a December attack spree is nearing completion and SaaS instances are fully patched. Hackers used a stolen key to attack Treasury workstations.

By David Jones • Jan. 7, 2025

Censys researchers warn 8,600 BeyondTrust instances still exposed

As authorities investigate a December attack spree, the researchers added the caveat that not all instances are considered vulnerable.

By David Jones • Jan. 3, 2025

Researchers warn of active exploitation of critical Apache Struts 2 flaw

Exploitation activity was observed about a week after the CVE was disclosed. 

By David Jones • Dec. 20, 2024

BeyondTrust customers hit by wave of attacks linked to compromised API key

The cybersecurity vendor said an attacker compromised its access-management tool and reset customer passwords.

By Matt Kapko • Dec. 20, 2024

Mandiant traces Cleo file-transfer exploits back to October

The threat intelligence firm observed deployment of backdoors, but has not seen mass data theft thus far.

By David Jones • Updated Dec. 19, 2024

Pennsylvania representative pitches bill to double cyber assistance for local water systems

The proposed legislation comes amid a surge in ransomware and state-linked attacks against U.S. water utilities.

By David Jones • Dec. 17, 2024

Cleo releases CVE for actively exploited flaw in file-transfer software

Researchers confirmed a new zero-day vulnerability is separate from a flaw originally disclosed in October. A notorious ransomware group linked itself to the attacks.

By David Jones • Dec. 16, 2024

Security community raises concern as Cleo file-transfer CVE delayed

After the company urged users to patch a critical flaw, researchers are asking about the lack of a CVE and additional guidance.

By David Jones • Dec. 13, 2024

Cleo releases new patch as threat groups ramp up exploitation of critical CVE

Researchers warned that companies primarily in the trucking, food, retail and shipping industries were under attack.

By David Jones • Dec. 12, 2024

Critical flaw in Cleo file-transfer software is under mass exploitation

The company is working on a new patch and CVE as an existing patch for a previously disclosed vulnerability is not providing adequate protection.

By David Jones • Updated Dec. 11, 2024

CISA, German cyber authorities warn Zyxel firewalls facing active exploitation

Attackers have targeted dozens of companies with Helldown ransomware, researchers found.

By David Jones • Dec. 4, 2024

Palo Alto Networks pushes back as Shadowserver spots 2K of its firewalls exploited

The security vendor maintains only a limited number of customers’ firewalls have been exploited by a zero-day it patched earlier this week.

By Matt Kapko • Nov. 22, 2024

Palo Alto Networks customers grapple with another actively exploited zero-day

The security vendor warned of an unconfirmed vulnerability in PAN-OS earlier this month. A CVE entry and patch came 10 days later.

By Matt Kapko • Nov. 19, 2024

Federal probe finds vulnerabilities across more than 300 US water systems

The Environmental Protection Agency lacks a documented plan to coordinate incident reporting with CISA, the agency’s Office of Inspector General found.

By David Jones • Nov. 19, 2024

Palo Alto Networks’ customer migration tool hit by trio of CVE exploits

CISA warned of two critical and actively exploited vulnerabilities in Expedition one week after another CVE came under active exploitation in the same product.

By Matt Kapko • Nov. 15, 2024