Security News > 2023 > July > Week in review: Ivanti zero-day exploited, MikroTik vulnerability could compromise 900,000 routers

Key factors for effective security automationIn this Help Net Security interview, Oliver Rochford, Chief Futurist at Tenzir, discusses how automation can be strategically integrated with human expertise, the challenges in ensuring data integrity, and the considerations when automating advanced tasks.
MikroTik vulnerability could be used to hijack 900,000 routersA privilege escalation vulnerability could allow attackers to commandeer up to 900,000 MikroTik routers, says VulnCheck researcher Jacob Baines.
Ivanti zero-day exploited to target Norwegian governmentA zero-day vulnerability affecting Ivanti Endpoint Manager Mobile has been exploited to carry out an attack that affected 12 Norwegian ministries, the Norwegian National Security Authority has confirmed on Tuesday.
Apple fixes exploited zero-day in all of its OSesApple has patched an exploited zero-day kernel vulnerability in iOS, iPadOS, macOS, watchOS and tvOS. US companies commit to safe, transparent AI developmentSeven US artificial intelligence giants - Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI - have publicly committed to "Help move toward safe, secure, and transparent development of AI technology."
Enterprises should layer-up security to avoid legal repercussionsThe role of CISO these days requires a strong moral compass: You have to be the one speaking up for the protection of customer data and be ready to handle uncomfortable situations such as pressure to downplay an actual breach.
Converging networking and security with SASEIn this Help Net Security video, Omri Guelfand, VP of Product Management and SASE/Networking as a Service at Cisco Meraki, discusses converging networking and security with SASE. SEC adopts new cybersecurity incident disclosure rules for companiesThe Securities and Exchange Commission today adopted rules requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance.
News URL
Related news
- Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) (source)
- PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (source)
- Juniper Session Smart Routers Vulnerability Could Let Attackers Bypass Authentication (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Cisco IOS XR vulnerability lets attackers crash BGP on routers (source)
- Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)