Of the top five most widely used network attacks against SMBs, the ‘newest’ vulnerability represented were nearly three years old, while the oldest were over a decade old – which is primitive when considering the modern threat environment.
The results are a clear reminder for CISOs and cybersecurity leaders that they must assess organizational threats based on their own current threat landscape, and specifically the main cybersecurity risks facing their organizations – rather than getting swept up in the latest media buzz.
Read more…
Source: TechRadar
Related:
- Mozilla Releases Security Updates for Firefox and Firefox ESR
May 19, 2025
Mozilla has released three security advisories to address two critical vulnerabilities in Firefox and Firefox ESR. CVE-2025-4918 is an ‘out-of-bounds access when resolving promise objects’ vulnerability. If exploited, could allow an attacker to perform an out-of-bounds read or write on a JavaScript Promise object. Read more… Source: NHS Digital Sign up for our Newsletter The latest news and insights delivered ...
- Update your Chrome to fix serious actively exploited vulnerability
May 19, 2025
Google released an emergency update for the Chrome browser to patch an actively exploited vulnerability that could have serious ramifications. The update brings the Stable channel to versions 136.0.7103.113/.114 for Windows and Mac and 136.0.7103.113 for Linux. The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging ...
- Proof-of-Concept Released Oracle VM VirtualBox
May 16, 2025
Oracle has released a security update to address a critical vulnerability in Oracle VM VirtualBox. Oracle VM VirtualBox is cross-platform virtualisation software. CVE-2025-30712 is an ‘improper access control’ vulnerability with a CVSSv3 score of 8.1 that affects the Oracle Virtualisation component of VirtualBox. Successful exploitation could allow an attacker with administrative privileges to gain linear memory ...
- Ivanti Endpoint Manager Mobile exploit chain exploited in the wild
May 16, 2025
On May 13, 2025, Ivanti disclosed an exploited in the wild exploit chain, comprising of two new vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM): CVE-2025-4427 and CVE-2025-4428. Ivanti EPMM is an enterprise-focused software suite for IT teams to manage mobile devices, applications, and content. CVE-2025-4427 is an authentication bypass vulnerability with a CVSS rating of 5.3 ...
- Fortinet Releases Multiple Security Advisories
May 14, 2025
Fortinet has released security advisories to two critical vulnerabilities. The security advisories address one critical vulnerability in FortiOS, FortiProxy and FortiSwitchManager, and an exploited vulnerability in FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera. CVE-2025-32756 is a ‘stack-based buffer overflow’ vulnerability with a CVSSv3 score of 9.6. Successful exploitation could allow a remote unauthenticated attacker to execute arbitrary ...
- Mitel Releases Security Advisory for Mitel SIP Phones
May 12, 2025
Mitel has released security advisory addressing two vulnerabilities in Mitel SIP Phones including Mitel 6800 Series, 6900 Series, 6900w Series and 6970 Conference Unit. CVE-2025-47188 has a CVSSv3 base score of 9.8 and is a ‘command injection’ vulnerability that could allow an unauthenticated attacker to inject and execute arbitrary commands on the device. Exploitation could lead ...