Security News

Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk
2025-03-13 07:13

Meta has warned that a security vulnerability impacting the FreeType open-source font rendering library may have been exploited in the wild. The vulnerability has been assigned the CVE identifier...

MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025-27364)
2025-02-28 14:44

Users of the MITRE Caldera cyber security platform have been urged to plug a critical hole (CVE-2025-27364) that may allow unauthenticated attackers to achieve remote code execution. About MITRE...

Siemens Teamcenter vulnerability could allow account takeover (CVE-2025-23363)
2025-02-27 09:27

A high-severity vulnerability (CVE-2025-23363) in the Siemens Teamcenter product lifecycle management (PLM) software could allow an attacker to steal users’ valid session data and gain...

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)
2025-02-24 14:11

A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released by Horizon3.ai researchers. The vulnerabilities – CVE-2024-10811, CVE-2024-13161,...

Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
2025-02-21 07:38

Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate victim login...

CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks
2025-02-21 07:26

A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited...

A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094)
2025-02-17 13:48

The suspected Chinese state-sponsored hackers who breached workstations of several US Treasury employees in December 2024 did so by leveraging not one, but two zero-days, according to Rapid7...

PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108)
2025-02-13 11:03

Palo Alto Networks has fixed a high-severity authentication bypass vulnerability (CVE-2025-0108) in the management web interface of its next-gen firewalls, a proof-of-concept exploit (PoC) for...

Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391)
2025-02-11 20:15

February 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 56 vulnerabilities, including two zero-days – CVE-2025-21418 and CVE-2025-21391 – under active exploitation....

Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update
2025-02-11 11:16

Apple on Monday released out-of-band security updates to address a security flaw in iOS and iPadOS that it said has been exploited in the wild. Assigned the CVE identifier CVE-2025-24200, the...