December 11, 2024

Ivanti has patched a critical vulnerability in its Cloud Services Appliance (CSA) solution that could have allowed an unauthenticated attacker to bypass authentication and gain administrative access.

December 11, 2024

Microsoft's final Patch Tuesday updates for 2024 included fixes for 72 security flaws across its software range, one of which is currently being exploited.

December 11, 2024

On Tuesday, the U.S. government unveiled charges against a Chinese individual named Guan Tianfeng, also known as gbigmao and gxiaomao.

December 10, 2024

The ransomware group known as 'Termite' is believed to be responsible for a string of attacks exploiting a zero-day vulnerability in Cleo's LexiCom, VLTransfer, and Harmony file transfer software.

December 10, 2024

A serious security flaw has been identified in WPForms, a WordPress plugin deployed across more than 6 million websites.

December 9, 2024

A second zero-day vulnerability has been discovered in Windows NTLM, following the one found two months prior, creating a path for potential relay attacks and credential theft.

December 5, 2024

A newly identified threat activity cluster, Earth Minotaur, is using the MOONSHINE exploit kit and an unreported Android-Windows backdoor, DarkNimbus, to conduct long-term surveillance operations against Uyghurs and Tibetans.

December 5, 2024

Researchers from watchTowr have found an arbitrary file read zero-day vulnerability in the Mitel MiCollab collaboration platform.

December 4, 2024

The Japanese Computer Emergency Response Team (CERT) has raised the alarm about hackers taking advantage of zero-day vulnerabilities in IO-Data router devices.

December 3, 2024

Veeam has issued security updates to rectify two vulnerabilities in its Service Provider Console (VSPC), one of which is a critical remote code execution (RCE) bug.