Category: Uncategorized
-
Ivanti Connect Secure Zero-Day Vulnerability
What are the Vulnerabilities?Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, impacting Ivanti Connect Secure (“ICS”) VPN appliances. CVE-2025-0282 is an unauthenticated stack-based buffer overflow affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways. Successful exploitation could result in unauthenticated remote code execution and CVE-2025-0283 is a stack-based buffer overflow in Ivanti Connect Secure before version…
-

Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers [email protected] (The Hacker News)
Palo Alto Networks has released software patches to address several security flaws in its Expedition migration tool, including a high-severity bug that an authenticated attacker could exploit to access sensitive data. “Multiple vulnerabilities in the Palo Alto Networks Expedition migration tool enable an attacker to read Expedition database contents and arbitrary files, as well as…
-
Mandiant links Ivanti zero-day exploitation to Chinese hackers
Post ContentRead More
-

New Banshee Stealer Variant Bypasses Antivirus with Apple’s XProtect-Inspired Encryption [email protected] (The Hacker News)
Cybersecurity researchers have uncovered a new, stealthier version of a macOS-focused information-stealing malware called Banshee Stealer. “Once thought dormant after its source code leak in late 2024, this new iteration introduces advanced string encryption inspired by Apple’s XProtect,” Check Point Research said in a new analysis shared with The Hacker News. “This development allows it…
-

Product Review: How Reco Discovers Shadow AI in SaaS [email protected] (The Hacker News)
As SaaS providers race to integrate AI into their product offerings to stay competitive and relevant, a new challenge has emerged in the world of AI: shadow AI. Shadow AI refers to the unauthorized use of AI tools and copilots at organizations. For example, a developer using ChatGPT to assist with writing code, a salesperson…
-
December ransomware attacks slam healthcare, public services
Post ContentRead More
-

Webinar: Learn How to Stop Encrypted Attacks Before They Cost You Millions [email protected] (The Hacker News)
Ransomware isn’t slowing down—it’s getting smarter. Encryption, designed to keep our online lives secure, is now being weaponized by cybercriminals to hide malware, steal data, and avoid detection.The result? A 10.3% surge in encrypted attacks over the past year and some of the most shocking ransom payouts in history, including a $75 million ransom in…
-

MirrorFace Leverages ANEL and NOOPDOOR in Multi-Year Cyberattacks on Japan [email protected] (The Hacker News)
Japan’s National Police Agency (NPA) and National Center of Incident Readiness and Strategy for Cybersecurity (NCSC) accused a China-linked threat actor named MirrorFace of orchestrating a persistent attack campaign targeting organizations, businesses, and individuals in the country since 2019. The primary objective of the attack campaign is to steal information related to Japan’s nationalRead More
-

Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection [email protected] (The Hacker News)
Threat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could allow malicious actors to achieve remote code execution (RCE). The vulnerability in question, CVE-2024-52875, refers to a carriage return line feed (CRLF) injection attack, paving the way for HTTP response splitting, which could…
-

E.U. Commission Fined for Transferring User Data to Meta in Violation of Privacy Laws [email protected] (The Hacker News)
The European General Court on Wednesday fined the European Commission, the primary executive arm of the European Union responsible for proposing and enforcing laws for member states, for violating the bloc’s own data privacy regulations. The development marks the first time the Commission has been held liable for infringing stringent data protection laws in the…
