vulnerabilities Archives

A logo sign outside of the headquarters of Ivanti in South Jordan, Utah. (Kristoffer Tripplaar / Alamy Stock Photo)

Is Ivanti the problem or a symptom of a systemic issue with network devices?

Exploited vulnerabilities have turned up in Ivanti products 16 times since 2024. That’s more than any other vendor in the network edge device space.

12 hours ago By Matt Kapko

A view of the Microsoft corporate logo in front of the Microsoft Office building on 41st street and 8th avenue on July 19, 2024 in New York City. (Photo by Craig T Fruchtman/Getty Images)

Microsoft patches zero-day actively exploited in string of ransomware attacks

Microsoft said Storm-2460 has exploited the zero-day in the Windows Common Log File System to attack organizations in the U.S., Venezuela, Spain and Saudi Arabia.

Apr 8, 2025 By Matt Kapko

A view of the Google offices in New York City on May 19, 2020. (Photo by Ben Gabbe/Getty Images)

Google addresses 2 actively exploited vulnerabilities in security update

Serbian security services exploited one of the actively exploited vulnerabilities to break into the phone of a youth activist in Serbia, according to Amnesty International.

Apr 7, 2025 By Matt Kapko

Microsoft patches 57 vulnerabilities, including 6 zero-days

More than three-quarters of the vulnerabilities covered in the vendor’s monthly Patch Tuesday update are high-severity flaws.

Mar 11, 2025 By Matt Kapko

Multiple vulnerabilities found in ICONICS industrial SCADA software

The since-patched vulnerabilities allowed for privilege escalation, DLL hijacking, file modification and even total system compromise.

Mar 10, 2025 By Derek B. Johnson

Android security update contains 2 actively exploited vulnerabilities

Google’s monthly batch of security fixes addressed 43 vulnerabilities.

Mar 3, 2025 By Matt Kapko

Edge device vulnerabilities fueled attack sprees in 2024

The most consequential cyberattacks observed by Darktrace last year were linked to software defects in firewalls and perimeter network technologies.

Feb 19, 2025 By Matt Kapko

For suspected Chinese hackers, U.S. telecoms represent a tempting target for espionage. (Getty Images)

Salt Typhoon remains active, hits more telecom networks via Cisco routers

The Chinese nation-state threat group intruded five additional telecom networks between December and January, including two unnamed providers in the U.S., Recorded Future researchers said.

Feb 13, 2025 By Matt Kapko

Cars drive past the headquarters of the Russian General Staff’s Main Intelligence Department (GRU) in Moscow on December 30, 2016. (Photo by NATALIA KOLESNIKOVA/AFP via Getty Images)

Russian state threat group shifts focus to US, UK targets

A subgroup of Seashell Blizzard exploited public vulnerabilities in internet-facing systems, Microsoft researchers said.

Feb 12, 2025 By Matt Kapko

The Microsoft logo is visible through a grid of its French headquarters on Jan. 25, 2023 in Issy-les-Moulineaux. (Photo by Chesnot/Getty Images)

Microsoft fixes 63 vulnerabilities, including 2 zero-days

The company’s monthly Patch Tuesday update comes with more than two-thirds of the patches closing high-severity flaws.

Feb 11, 2025 By Matt Kapko