Common Vulnerabilities and Exposures (CVE) stories - Page 4

On January's Patch Tuesday, Microsoft revealed 161 vulnerabilities, including eight under active exploitation, with no browser flaws noted this month.

Microsoft has unveiled its January 2025 Patch Tuesday update, tackling a record 157 vulnerabilities, including eight critical zero-day flaws.

In 2025, organisations must navigate the complexities of AI integration in software development, balancing innovation with security and skilled developer support.

Mandiant unveils a critical zero-day vulnerability in Ivanti Connect Secure VPN appliances, exploited since December 2024 by a suspected China-linked group.

Ivanti has announced critical patches for two vulnerabilities in its Connect Secure and Policy Secure products, one of which is already under active exploitation.

Chris Hughes predicts that open source software adoption will grow in 2025, alongside sophisticated attacks and challenges in governance and security.

CloudSEK's 2024 Threat Landscape Report reveals a staggering 994TB of data exfiltrated, with ransomware demands averaging over USD $2 million.

Rapid7's analysis of the 2024 cyber threat landscape reveals alarming trends in ransomware and vulnerability exploits impacting organisations worldwide.

This December, Microsoft addresses 70 vulnerabilities, including 16 critical remote code execution flaws, in its latest Patch Tuesday update.

Ransomware attacks surged 19% in October, totalling 486 incidents globally, as threat actors increasingly targeted critical infrastructure sectors.

The Qualys Threat Research Unit has identified five critical vulnerabilities in needrestart used by Ubuntu Servers, risking unauthorized root access for users.

Tenable has disclosed a medium-severity SMB force-authentication vulnerability in all Windows versions of Open Policy Agent before version 0.68.0.

Microsoft is rolling out patches for 90 vulnerabilities this November, including critical remote code execution flaws and several in-the-wild exploits.

CloudSEK warns that the Androxgh0st botnet has significantly expanded its reach, now targeting critical vulnerabilities in various systems and IoT devices.

Kaspersky has uncovered a sophisticated campaign by the Lazarus group targeting cryptocurrency investors, employing social engineering and zero-day exploits.

Tenable has revealed a medium-severity vulnerability in Open Policy Agent for Windows that exposes user credentials, urging updates to version 0.68.0.

Memory safety vulnerabilities are surging in industrial control systems, with over 3,000 reported in 2022, prompting urgent calls for enhanced security measures.

A coalition of global agencies warns of Iranian cyber threats targeting critical infrastructure, highlighting emerging tactics and unresolved vulnerabilities.

Microsoft has addressed 118 vulnerabilities in its October 2024 Patch Tuesday, including five with evidence of exploitation, amid ongoing security concerns.

Tenable's 2024 Cloud Risk Report reveals 74% of global organisations have publicly exposed storage assets, heightening their ransomware risk.