Active Exploitation of Critical Vulnerability Chain in SimpleHelp

SimpleHelp has released security updates to address one critical and two high severity vulnerabilities in SimpleHelp. SimpleHelp is a remote monitoring and management (RMM) tool that allows administrators and service desk technicians to provide remote support and monitor devices on Read More …

Ivanti Releases February 2025 Security Updates

Ivanti has released three security advisories in the February Security Update, which addresses vulnerabilities in Ivanti products. In the first advisory, two vulnerabilities were identified in Ivanti Cloud Services Application (CSA). The Ivanti CSA is an Internet appliance that provides Read More …

SonicOS SSL VPN Authentication Bypass Vulnerability (CVE-2024-53704)

A proof-of-concept (PoC) exploit has been published by security researchers for an authentication bypass vulnerability in the SonicOS SSL VPN component. SonicWall appliances provide virtual private network (VPN) and ‘next-gen’ firewall capabilities. SonicWall formally disclosed and released security updates addressing Read More …

Apple fixes iPhone and iPad bug used in an ‘extremely sophisticated attack’

On Monday, Apple released updates for its mobile operating systems for iOS and iPadOS, which fixed a flaw that the company said “may have been exploited in an extremely sophisticated attack against specific targeted individuals.” In the release notes for Read More …

U.K. orders Apple to let it spy on users’ encrypted accounts

Security officials in the United Kingdom have demanded that Apple create a back door allowing them to retrieve all the content any Apple user worldwide has uploaded to the cloud, people familiar with the matter told The Washington Post. The Read More …

Cisco Releases Security Advisories for Multiple Products

Cisco has released nine security advisories addressing multiple vulnerabilities, including one critical and two high severity advisories affecting Cisco Identity Services Engine (ISE), Cisco NX-OS, Cisco Expressway, Cisco IOS, Cisco IOS XE, Cisco IOS XR, Secure Email and Web Manager, Read More …

Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers

Taiwanese hardware maker Zyxel says it has no plans to release a patch for two actively exploited vulnerabilities affecting potentially thousands of customers. Threat intelligence startup GreyNoise warned late last month that a critical-rated zero-day vulnerability impacting Zyxel routers was Read More …

CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks

In September, 2024 the Zero Day Initiative (ZDI) Threat Hunting team identified the exploitation of a 7-Zip zero-day vulnerability used in a SmokeLoader malware campaign targeting Ukrainian entities. The vulnerability, CVE-2025-0411, was disclosed to 7-Zip creator Igor Pavlov, leading to Read More …

Potential Backdoor Embedded in Contec Health CMS8000 Patient Monitor Firmware

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a medical product advisory for the Contec Health CMS8000 Patient Monitor to address one critical and two high severity vulnerabilities. The Contec CMS8000 is a patient monitor used to display Read More …

TeamViewer Releases Security Updates for Privilege Escalation Vulnerability

TeamViewer has released a security advisory addressing a new vulnerability within the TeamViewer Remote Windows Clients. TeamViewer is a popular remote access and control software. CVE-2025-0065 is an ‘improper neutralization of argument delimiters in a command’ vulnerability with a CVSSv3 Read More …