58/68 Tuesday, February 11, 2025 Zimbra has released a software update to address critical security vulnerabilities that could lead to data exposure if exploited. The vulnerability tracked as CVE-2025-25064 has been assigned a CVSS score of 9.8 and is an SQL Injection flaw in the ZimbraSync Service SOAP endpoint, affecting versions prior to 10.0.12 and […]
57/68 Tuesday, February 11, 2025 Security researchers from Sophos have reported that cybercriminals are increasingly using Scalable Vector Graphics (SVG) files to distribute malicious links via phishing emails. SVG files can open automatically in web browsers on Windows and support XML commands, allowing attackers to embed links to dangerous websites or inject malicious code. Sophos […]
56/68 Monday, February 10, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the Trimble Cityworks vulnerability CVE-2025-0994 to its Known Exploited Vulnerabilities (KEV) Catalog. Trimble Cityworks is an asset management and permitting software that utilizes GIS technology for local governments, public utilities, and infrastructure organizations. The software integrates with Esri’s ArcGIS to […]
55/68 Monday, February 10, 2025 Spanish police and the Civil Guard have successfully arrested a key suspect in a major cybercrime case, known as “Natohub” on the Breach Forums platform. The suspect is accused of orchestrating over 40 cyberattacks targeting both government and private sector organizations in Spain and internationally. These attacks involved breaches of […]
54/68 Friday, February 7, 2025 Veeam has released a patch to address a vulnerability in its backup software that could allow attackers to execute malicious code on affected systems. The vulnerability, identified as CVE-2025-23114, has been assigned a CVSS severity score of 9.0. According to Veeam, the issue lies within the Veeam Updater Component, which […]
53/68 Friday, February 7, 2025 The International Civil Aviation Organization (ICAO) is urgently investigating a data breach that has impacted its systems and employee security. In its latest statement, ICAO confirmed reports of a potential security incident linked to a threat group known for targeting international organizations. The breach came to light after a post […]
52/68 Thursday, February 6, 2025 AMD has released a patch to address CVE-2024-56161 (CVSS score: 7.2), a vulnerability discovered by researchers from Google. This flaw allowed attackers with administrative privileges to load malicious microcode into the CPU, impacting Secure Encrypted Virtualization (SEV) technology, which protects virtual machine (VM) memory from unauthorized access. The vulnerability stemmed […]
51/68 Thursday, February 6, 2025 Netgear has disclosed two critical vulnerabilities affecting multiple WiFi router models. These vulnerabilities, identified as PSV-2023-0039 and PSV-2021-0117, have prompted the company to urge customers to update their firmware immediately to mitigate security risks. The vulnerabilities include a Remote Code Execution (RCE) flaw and an Authentication Bypass issue, both of […]
50/68 Wednesday, February 5, 2025 Google has released the February 2025 Android security update, addressing 48 vulnerabilities, including the actively exploited Zero-Day CVE-2024-53104. This vulnerability is a privilege escalation flaw in the Kernel’s USB Video Class (UVC) driver, allowing attackers to gain elevated system privileges. The issue stems from improper handling of UVC_VS_UNDEFINED frames, potentially […]
49/68 Wednesday, February 5, 2025 Microsoft has announced that it will discontinue the VPN privacy protection feature in the Microsoft Defender app by February 28, 2025. The company cited low usage as the primary reason and stated that it aims to reallocate resources toward developing features that better align with customer needs. The VPN feature […]
