Vulnerability: Page 8
-
Courtesy of Coinbase
Coinbase originally targeted during GitHub Action supply chain attack
Researchers from Palo Alto Networks said the hackers likely planned to leverage an open source project of the company for additional attacks.
By David Jones • March 21, 2025 -
Getty Images
GitHub Action compromise linked to previously undisclosed attack
Researchers uncovered a March 11 incident that may have led to the larger supply chain attack.
By David Jones • March 20, 2025 -
Getty Images
Cisco Smart Licensing Utility flaws under attack
The SANS Internet Storm Center reported exploitation attempts against two critical vulnerabilities, which were initially disclosed in September.
By Rob Wright • March 20, 2025 -
David Ramos via Getty Images
11 nation-state groups exploit unpatched Microsoft zero-day
The tech giant has yet to address a vulnerability that allows for malicious payloads to be delivered via Windows shortcut files and has been under active attack for eight years.
By Elizabeth Montalbano, Contributing Reporter • March 19, 2025 -
Getty Images
AI project failure rates are on the rise: report
The share of businesses scrapping most of their AI initiatives increased to 42% this year, up from 17% last year, according to S&P Global Market Intelligence.
By Lindsey Wilkinson • March 18, 2025 -
Getty Images
Supply chain attack against GitHub Action triggers massive exposure of secrets
The incident highlights ongoing security concerns in the software supply chain.
By David Jones • March 17, 2025 -
Getty Images
SuperBlack ransomware used to exploit Fortinet vulnerabilities
A report by Forescout Research points to a threat actor with ties to LockBit.
By David Jones • March 14, 2025 -
Getty Images
Juniper MX routers targeted by China-nexus threat group using custom backdoors
The devices have reached end-of-life status and need to be upgraded, as the company has issued in a security advisory.
By David Jones • March 12, 2025 -
Getty Images
CISA: 3 Ivanti endpoint vulnerabilities exploited in the wild
Researchers last month published a proof-of-concept exploit for the critical flaws in Endpoint Manager.
By Rob Wright • March 11, 2025 -
Getty Images
Critical PHP vulnerability under widespread cyberattack
Telemetry data shows spikes in exploits of CVE-2024-4577 across several countries in recent months.
By Rob Wright • March 10, 2025 -
Getty Images
Eleven11bot estimates revised downward as researchers point to Mirai variant
The botnet has been involved in DDoS activity targeting telecom companies and gaming platforms.
By David Jones • March 7, 2025 -
Getty Images
37K+ VMware ESXi instances vulnerable to critical zero-day
Some customers have been unable to download the patches for three VMware zero-day vulnerabilities due to an issue with the Broadcom Support Portal.
By Rob Wright • March 6, 2025 -
Justin Sullivan / Staff via Getty Images
Broadcom urges customers to patch 3 zero-day VMware flaws
Cyberattackers with administrative access are actively exploiting vulnerabilities in ESXi, Workstation and Fusion products.
By Elizabeth Montalbano, Contributing Reporter • March 5, 2025 -
Getty Images
Microsoft-signed driver used in ransomware attacks
Threat actors are exploiting a privilege escalation flaw in Paragon Partition Manager for “bring your own vulnerable driver” (BYOVD) attacks.
By Rob Wright • March 3, 2025 -
Getty Images
Leaked ransomware chat logs reveal Black Basta’s targeted CVEs
Cybercrime group focused on Microsoft vulnerabilities as well as flaws in network edge devices and communications software.
By Rob Wright • Feb. 27, 2025 -
Getty Images
Nearly 3K Ivanti Connect Secure instances vulnerable to critical flaw
U.S. has the most VPNs not yet patched for CVE-2025-22467.
By Rob Wright • Feb. 26, 2025 -
Getty Images
More than 400 SonicWall firewall instances remain vulnerable to attack
Researchers previously warned of exploitation attempts after the release of a proof of concept.
By David Jones • Feb. 25, 2025 -
Getty Images
Attackers exploiting Cisco vulnerabilities tied to Salt Typhoon campaign
GreyNoise observed exploitation of CVE-2018-0171, which Cisco Talos researchers said was used in a recent attack by the China-backed threat group.
By Rob Wright • Feb. 25, 2025 -
Getty Images
Palo Alto Networks warns hackers attempting to exploit a file read flaw in firewalls
Threat actors are chaining the CVE with at least one prior flaw to enable the hack attempts.
By David Jones • Feb. 24, 2025 -
David Ryder via Getty Images
Microsoft Power Pages vulnerability exploited in the wild
The high-severity privilege escalation flaw in Microsoft's website building application was disclosed and patched last week.
By Rob Wright • Feb. 24, 2025 -
Getty Images
US authorities warn Ghost ransomware leverages older CVEs
The China-linked threat group has targeted critical infrastructure providers in more than 70 countries.
By David Jones • Feb. 20, 2025 -
Getty Images
Proof-of-concept exploit released for 4 Ivanti vulnerabilities
Critical flaws in Ivanti Endpoint Manager were initially disclosed and patched last month.
By Rob Wright • Updated Feb. 20, 2025 -
Devrimb
SonicWall authentication flaw under threat of active exploitation
Weeks after the company released a patch, researchers warn the CVE is being targeted by threat actors.
By David Jones • Feb. 19, 2025 -
Getty Images
Phishing campaign targets Microsoft device-code authentication flows
Russian state-sponsored hackers have attacked enterprises and government agencies in North America and overseas.
By Rob Wright • Feb. 18, 2025 -
Matt Kapko/Cybersecurity Dive
Palo Alto Networks warns firewall vulnerability is under active exploitation
The flaw, when chained together with a prior vulnerability, can allow an attacker to gain access to unpatched firewalls.
By David Jones • Feb. 18, 2025
Previous
