The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive for federal agencies to patch a critical vulnerability in the Linux kernel. This high-severity flaw, tracked as CVE-2024-53104, has actively been exploited in targeted attacks and could pose…
AMD has released critical firmware updates to address a high-severity security vulnerability, identified as CVE-2024-56161. This flaw allows attackers to load malicious microcode onto unpatched AMD CPUs due to a weakness in the microcode patch loader, which fails to properly…
Italy’s data protection authority, the Garante, has banned Chinese AI company DeepSeek over concerns about its data privacy practices. The move, announced on January 30, 2025, follows an investigation into DeepSeek’s data handling practices, specifically regarding the collection and storage…
A recent security vulnerability identified by Jakub Korepta of Securing poses a significant threat to Aviatrix Controllers, enabling unauthenticated users to execute arbitrary commands on the affected systems. The advisory highlights the critical nature of the vulnerability, as indications suggest…
A critical vulnerability has been identified in the SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) related to pre-authentication deserialisation of untrusted data. This vulnerability poses a significant security risk because, under specific conditions, it could allow…
A significant security vulnerability exists in Cacti, a popular network monitoring tool. This flaw allows authenticated users to exploit the graph creation and template functionalities, potentially leading to the execution of arbitrary PHP scripts within the application’s web root. Affected…
Apple has rolled out essential software updates to tackle multiple security vulnerabilities across its product lineup, including a significant zero-day vulnerability that attackers have reportedly exploited. This vulnerability, identified as CVE-2025-24085, poses a risk by allowing a malicious application already…
A severe vulnerability, tracked as CVE-2024-9042, has been discovered in Kubernetes, allowing attackers to execute arbitrary code with SYSTEM-level privileges on Windows nodes in affected clusters. This flaw, uncovered by Akamai security researcher Tomer Peled, revolves around a weakness in…
On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the inclusion of a long-standing security flaw in the widely-used jQuery JavaScript library to its Known Exploited Vulnerabilities (KEV) catalog, following evidence of active exploitation. The vulnerability, designated as…