According to the US Cybersecurity and Infrastructure Security Agency (CISA) a SQL injection flaw in Microsoft Configuration Manager patched in October 2024 is now being actively exploited, exposing unpatched businesses and government agencies to attack.
CISA added CVE-2024-43468 to its Known Exploited Vulnerabilities catalog on Thursday, setting a March 5 deadline for federal agencies to deploy the patch. The 9.8-rated SQL injection vulnerability exists in Microsoft Configuration Manager, which IT admins use to manage organizations’ Windows-based servers and laptops.
Read more…
Source: There Register News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- RondoDox botnet linked to large-scale exploit of critical HPE OneView bug
January 16, 2026
A critical HPE OneView flaw is now being exploited at scale, with Check Point tying mass, automated attacks to the RondoDox botnet. The security outfit says it has identified “large-scale exploitation” of CVE-2025-37164, a maximum-severity remote code execution bug in HPE’s data center management platform. Check Point has tied the activity to RondoDox, a Linux-based botnet ...
- WhisperPair exposes Bluetooth earbuds and headphones to tracking and eavesdropping
January 16, 2026
WhisperPair is a set of attacks that lets an attacker hijack many popular Bluetooth audio accessories that use Google Fast Pair and, in some cases, even track their location via Google’s Find Hub network—all without requiring any user interaction. Researchers at the Belgian University of Leuven revealed a collection of vulnerabilities they found in audio accessories ...
- Cisco has finally patched a maximum-level security issue
January 16, 2026
A maximum-severity vulnerability in certain Cisco products has finally been addressed after allegedly being exploited by Chinese hackers for several weeks. In mid-December 2025, the networking giant disclosed a remote code execution (RCE) vulnerability in AsyncOS that affects Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. It tracked the flaw as CVE-2025-20393 ...
- “Reprompt” attack lets attackers steal data from Microsoft Copilot
January 15, 2026
Researchers found a method to steal data which bypasses Microsoft Copilot’s built-in safety mechanisms. The attack flow, called Reprompt, abuses how Microsoft Copilot handled URL parameters in order to hijack a user’s existing Copilot Personal session. Copilot is an AI assistant which connects to a personal account and is integrated into Windows, the Edge browser, and ...
- Patch Tuesday – January 2026
January 14, 2026
Microsoft is publishing 114 vulnerabilities this January 2026 Patch Tuesday. Today’s menu includes just one vulnerability marked as exploited in the wild, as well as two vulnerabilities where Microsoft is aware of public disclosure. There are no critical remote code execution or elevation of privilege vulnerabilities. So far this month, Microsoft has already provided patches to ...
- Why iPhone users should update and restart their devices now
January 13, 2026
If you were still questioning whether iOS 26+ is for you, now is the time to make that call. Why? On December 12, 2025, Apple patched two WebKit zero‑day vulnerabilities linked to mercenary spyware and is now effectively pushing iPhone 11 and newer users toward iOS 26+, because that’s where the fixes and new memory ...