44/68 Friday, January 31, 2025 A Critical Vulnerability has been discovered in the Cacti Framework, an open-source platform for network monitoring and fault management. This vulnerability, identified as CVE-2025-22604, could allow an authenticated attacker to perform Remote Code Execution (RCE) on affected servers. It has been assigned a CVSS score of 9.1 and originates from […]
43/68 Friday, January 31, 2025 Cybersecurity researchers have issued a warning about a critical zero-day vulnerability affecting Zyxel CPE Series devices, which are currently under heavy attack. The vulnerability, identified as CVE-2024-40891, is an unpatched command injection flaw that could allow attackers to execute arbitrary commands on affected devices. This could lead to system breaches, […]
42/68 Thursday, January 30, 2025 VMware has released a patch to fix CVE-2025-22217, a Blind SQL Injection vulnerability with a CVSS severity score of 8.6. This vulnerability allows attackers with network access to send specially crafted SQL queries to the system’s database without authentication. Avi Load Balancer, formerly known as Avi Vantage, is a Software-Defined […]
41/68 Thursday, January 30, 2025 Google has announced that it will discontinue the Chrome Sync feature for users running Google Chrome versions older than four years, starting in early 2025. This decision aims to encourage users to update their browsers to the latest version for improved security and performance. Chrome Sync is a feature that […]
40/68 Wednesday, January 29, 2025 Apple has released a security update to fix the first Zero-Day vulnerability of 2025, identified as CVE-2025-24085, which has been actively exploited to target iPhone users. This privilege escalation vulnerability affects the Core Media framework, responsible for handling multimedia tasks on iOS and macOS. Attackers could exploit this flaw to […]
39/68 Wednesday, January 29, 2025 A security vulnerability in the Brave Browser, a popular choice among users, has been discovered in desktop versions 1.70.x to 1.73.x. This vulnerability, identified as CVE-2025-23086, falls under CWE-60, which relates to source data tampering. It allows malicious websites to appear as trusted sources during file uploads or downloads. The […]
38/68 Tuesday, January 28, 2025 UnitedHealth Group revealed that the personal and health data of over 190 million individuals were stolen in a cyberattack targeting Change Healthcare, a subsidiary of the company. This breach marks the largest data leak in U.S. history, with the figure significantly higher than the initial estimate of 100 million affected […]
37/68 Tuesday, January 28, 2025 Cybersecurity experts have issued a warning about the spreading MintsLoader malware campaign, which targets organizations in the energy, oil and gas, and legal sectors across the United States and Europe. MintsLoader is designed to deploy secondary malware, such as StealC, a data-stealing tool, and BOINC, an open-source computing platform that […]
36/68 Monday, January 27, 2025 A vulnerability in the Subaru Starlink system has put vehicles and customer accounts in the U.S. and Canada at risk of remote attacks. Cybersecurity researchers Sam Curry and Shubham Shah discovered the flaw, which allows attackers with basic information such as a name, email, or license plate to take control […]
35/68 Monday, January 27, 2025 Microsoft has issued a notice to Windows system administrators that it will discontinue driver synchronization through the Windows Server Update Services (WSUS) on April 18, 2025, 90 days from now. Drivers will still be available for download via the Microsoft Update Catalog but can no longer be imported into WSUS. […]
