Palo Alto Networks has issued a critical severity security advisory for an authentication bypass vulnerability, known as CVE-2024-0012, affecting the PAN-OS management web interface.
CVE-2024-0012 has a CVSSv4 score of 9.3 when access is allowed to the management interface from external IP addresses on the internet. However, if access is restricted to a jump box that is the only system allowed to access the management interface, the CVSSv4 score would be reduced to 5.9.
Read more…
Source: NHS Digital
Related:
- The end of ransomware? Report claims the number of firms paying up is plummeting
October 28, 2025
The number of companies paying ransomware attackers for decryption keys and delete stolen files has plummeted, and now represents just 23% of all victims, new research has claims. In its report, Coveware said ransom payment rates across all impact scenarios – encryption, data exfiltration, and other extortion – fell to a “historical low” of 23% in ...
- Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector Persistence and Sophisticated C&C
October 27, 2025
Trend Research is continuously tracking the aggressive malware campaign it identified as Water Saci, which uses WhatsApp as its primary infection vector. In our previous blog, the Water Saci campaign, with its malware identified as SORVEPOTEL, automatically distributes the same malicious ZIP file to all contacts and groups associated with the victim’s compromised account for ...
- Mem3nt0 mori – The Hacking Team is back!
October 27, 2025
n March 2025, Kaspersky detected a wave of infections that occurred when users clicked on personalized phishing links sent via email. No further action was required to initiate the infection; simply visiting the malicious website using Google Chrome or another Chromium-based web browser was enough. The malicious links were personalized and extremely short-lived to avoid detection. ...
- Key Emerging Cybersecurity Threats and Challenges for 2025 and Beyond
October 27, 2025
The global threat landscape is undergoing an unprecedented transformation. Organizations are facing dizzying levels of complexity, driven by rapid technological innovation, the widespread adoption of artificial intelligence, and the expected disruptive effects of quantum computing. At the same time, shifting geopolitical dynamics, the rise of sophisticated cybercriminal networks, and the introduction of new regulatory frameworks are ...
- Ireland: Number of passengers affected by data breach not yet clear
October 26, 2025
It has not yet clear how many passengers were affected by the data breach relating to boarding passes issued for flights during August, but RTÉ News understands it may be in the hundreds of thousands. In August 3.8 million passenger journeys were made on flights through Dublin Airport. It has not been revealed yet what type ...
- Microsoft issues emergency WSUS security patch – update now
October 24, 2025
Microsoft has issued an emergency Windows server security patch to fix a critical severity flaw apparently abused in the wild. As part of its most recent Patch Tuesday cumulative update (October 14, 2025), Microsoft addressed CVE-2025-59287, a “deserialization of untrusted data” flaw found in Windows Server Update Service (WSUS). WSUS allows IT admins to manage patching ...