SonicWall has released a security update for a critical vulnerability in Secure Mobile Access (SMA) 1000 Series appliances. This vulnerability impacts the Appliance Management Console (AMC) and Central Management Console (CMC).
SonicWall Secure Mobile Access is described as a unified secure access gateway that provides a Secure Sockets Layer (SSL) virtual private network (VPN), context-aware device authorisation, application level VPN, and advanced authentication with federated single sign-on (SSO) for cloud and on-premises resources.
Read more…
Source: NHS Digital
Related:
- Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape
May 1, 2025
In April 2024, Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. An attacker could create an exploit to escape the App Sandbox without user interaction required for any sandboxed app using security-scoped bookmarks. With the ability to run code unrestricted on ...
- AI Agents are here. So are the threats.
May 1, 2025
Agentic applications are programs that leverage AI agents — software designed to autonomously collect data and take actions toward specific objectives — to drive their functionality. As AI agents are becoming more widely adopted in real-world applications, understanding their security implications is critical. This article investigates ways attackers can target agentic applications, presenting nine concrete attack ...
- Active exploitation of SAP NetWeaver Visual Composer CVE-2025-31324
April 28, 2025
On Thursday, April 24, enterprise resource planning company SAP published a CVE (and a day later, an advisory behind login) for CVE-2025-31324, a zero-day vulnerability in NetWeaver Visual Composer that carries a CVSSv3 score of 10. The vulnerability arises from a missing authorization check in Visual Composer’s Metadata Uploader component that, when successfully exploited, allows unauthenticated ...
- Commvault Releases Security Updates for Command Center
April 24, 2025
Commvault has released a security advisory to address a critical vulnerability in its Command Center Platform. Command Center is Commvault’s all-in-one solution for managing Commvault services within a corporate environment. CVE-2025-34028 is a path traversal vulnerability with a CVSSv3 base score of 10.0, and if exploited could allow an unauthenticated attacker to upload ZIP files. The ...
- Critical RCE Vulnerability in Erlang/OTP SSH Server
April 22, 2025
Erlang has released updates to its OTP package to address a critical vulnerability in its Secure Shell (SSH) server. Erlang is an open-source programming language. OTP (Open Telecom Platform) is a set of Erlang libraries and middle-ware that can be used to develop applications. CVE-2025-32433 is a critical vulnerability with a CVSSv3 score of 10.0. If ...
- New Rust Botnet “RustoBot” is Routed via Routers
April 21, 2025
FortiGuard Labs recently discovered a new botnet propagating through TOTOLINK devices. Unlike previous malware targeting these devices, this variant is written in Rust—a programming language introduced by Mozilla in 2010. Due to its Rust-based implementation, we’ve named the malware “RustoBot.” In January and February of 2025, FortiGuard Labs observed a significant increase in alerts related to ...