Researchers warn of active exploitation of critical Apache Struts 2 flaw

Exploitation activity was observed about a week after the CVE was disclosed. 

By David Jones • Dec. 20, 2024

BeyondTrust customers hit by wave of attacks linked to compromised API key

The cybersecurity vendor said an attacker compromised its access-management tool and reset customer passwords.

By Matt Kapko • Dec. 20, 2024

Mandiant traces Cleo file-transfer exploits back to October

The threat intelligence firm observed deployment of backdoors, but has not seen mass data theft thus far.

By David Jones • Updated Dec. 19, 2024

Pennsylvania representative pitches bill to double cyber assistance for local water systems

The proposed legislation comes amid a surge in ransomware and state-linked attacks against U.S. water utilities.

By David Jones • Dec. 17, 2024

Cleo releases CVE for actively exploited flaw in file-transfer software

Researchers confirmed a new zero-day vulnerability is separate from a flaw originally disclosed in October. A notorious ransomware group linked itself to the attacks.

By David Jones • Dec. 16, 2024

Security community raises concern as Cleo file-transfer CVE delayed

After the company urged users to patch a critical flaw, researchers are asking about the lack of a CVE and additional guidance.

By David Jones • Dec. 13, 2024

Cleo releases new patch as threat groups ramp up exploitation of critical CVE

Researchers warned that companies primarily in the trucking, food, retail and shipping industries were under attack.

By David Jones • Dec. 12, 2024

Critical flaw in Cleo file-transfer software is under mass exploitation

The company is working on a new patch and CVE as an existing patch for a previously disclosed vulnerability is not providing adequate protection.

By David Jones • Updated Dec. 11, 2024

CISA, German cyber authorities warn Zyxel firewalls facing active exploitation

Attackers have targeted dozens of companies with Helldown ransomware, researchers found.

By David Jones • Dec. 4, 2024

Palo Alto Networks pushes back as Shadowserver spots 2K of its firewalls exploited

The security vendor maintains only a limited number of customers’ firewalls have been exploited by a zero-day it patched earlier this week.

By Matt Kapko • Nov. 22, 2024

Palo Alto Networks customers grapple with another actively exploited zero-day

The security vendor warned of an unconfirmed vulnerability in PAN-OS earlier this month. A CVE entry and patch came 10 days later.

By Matt Kapko • Nov. 19, 2024

Federal probe finds vulnerabilities across more than 300 US water systems

The Environmental Protection Agency lacks a documented plan to coordinate incident reporting with CISA, the agency’s Office of Inspector General found.

By David Jones • Nov. 19, 2024

Palo Alto Networks’ customer migration tool hit by trio of CVE exploits

CISA warned of two critical and actively exploited vulnerabilities in Expedition one week after another CVE came under active exploitation in the same product.

By Matt Kapko • Nov. 15, 2024

Microsoft revamps how it will disclose vulnerabilities

The company said the additional disclosure method using the Common Security Advisory Framework will help organizations better prioritize CVEs.

By David Jones • Nov. 15, 2024

Citrix Session Recording users warned of CVEs that allow hackers to gain control

Security researchers at watchTowr discovered the flaw and claim attackers can gain access without authentication, a finding which Citrix disputes.

By David Jones • Nov. 13, 2024

Zero-days from top security vendors were most exploited CVEs in 2023

The top five vulnerabilities exploited by attackers last year were found in security gear from Citrix, Cisco and Fortinet, the Five Eyes’ cyber agencies found.

By Matt Kapko • Nov. 13, 2024

Critical Veeam CVE targeted by new ransomware variant

Multiple ransomware variants are now targeting the CVE, which has a CVSS of 9.8. For customers, the risk of exploitation is only increasing.

By Matt Kapko • Nov. 12, 2024

The company you keep: your most trusted vendor could be your biggest security risk

Your trusted vendor might be your biggest security risk. Learn how to mitigate third-party threats.

By Joel Burleson-Davis, SVP Worldwide Engineering, Cyber, Imprivata • Nov. 11, 2024

Fortinet finds more malicious IPs linked to widely exploited zero-day

The cybersecurity vendor said the additional indicators of compromise don’t reflect any major changes. Researchers warn thousands of devices remain exposed.

By Matt Kapko • Oct. 31, 2024

Poor vulnerability management could indicate larger cyber governance issues, S&P says

Companies that fail to properly mitigate security vulnerabilities are leaving themselves open to malicious activity, the research firm said.

By David Jones • Oct. 29, 2024

Cisco warns actively exploited CVE can lead to DoS attacks against VPN services

The company warned the threat activity is linked to previously disclosed brute-force attacks beginning in March.

By David Jones • Oct. 28, 2024

Critical Veeam CVE actively exploited in ransomware attacks

Multiple ransomware groups targeted the vulnerability, which has a CVSS score of 9.8, more than a month after it was disclosed and patched by the data backup and recovery vendor.

By Matt Kapko • Oct. 22, 2024

Microsoft confirms partial loss of security log data on multiple platforms

The company previously expanded free access to security logs on several platforms, including Purview, following the 2023 state-linked hack of Exchange Online.

By David Jones • Oct. 18, 2024

FBI, CISA seek input on software security, configuration changes

Authorities are seeking public comment on steps the software industry can take to make their products more resistant to malicious threat activity.

By David Jones • Oct. 17, 2024

CISA adds SolarWinds flaw to exploited vulnerabilities catalog

A hardcoded credentials vulnerability in SolarWinds Web Help Desk lets attackers read and modify sensitive help desk ticket information.

By David Jones • Oct. 16, 2024