cert

CVE-2025-4275: Insyde H2O UEFI Vulnerability Enables Certificate Injection via Unprotected NVRAM Variable

A critical vulnerability (CVE-2025-4275) in Insyde H2O UEFI firmware allows attackers to inject unauthorised digital certificates via an unprotected NVRAM variable. This flaw enables the execution of arbitrary firmware during the early boot process.

DslogdRAT Malware Installed in Ivanti Connect Secure - JPCERT/CC Eyes

A new malware, DslogdRAT, was deployed via a zero-day vulnerability in Ivanti Connect Secure during targeted attacks in Japan. The malware was installed using a Perl-based CGI web shell and exhibits advanced command-and-control capabilities.

Multiple Critical Vulnerabilities in Schneider Electric Sage Series RTUs

Multiple critical vulnerabilities have been identified in Schneider Electric's Sage Series Remote Terminal Units (RTUs), potentially allowing remote attackers to compromise device integrity, availability, and confidentiality.

Critical Missing Authentication Vulnerability in Yokogawa Recorder Products

Insecure default settings have been found in recorder products provided by Yokogawa Electric Corporation. The default setting of the authentication function is disabled on the affected products.

CISA, FBI, and NSA Reveal Top Routinely Exploited Vulnerabilities of 2023

Twelve out of the top 15 vulnerabilities were addressed last year, highlighting the importance of patching security flaws before they are exploited. The list included vulnerabilities in products from companies like Citrix, Cisco, Fortinet, and more.

CISA Releases Its First Ever International Strategic Plan

The US Cybersecurity and Infrastructure Security Agency (CISA) has released its first international strategic plan to enhance collaboration in combating cyber threats to critical infrastructure.

Iranian Hackers Conduct Brute Force and Password Spraying to Compromise Critical Infrastructure Organizations

The joint cybersecurity advisory warned of Iranian cyber actors using brute force and other methods to compromise organizations, particularly in critical sectors such as healthcare, government, IT, engineering, and energy.

CISA and FBI Release Product Security Bad Practices for Public Comment

The CISA and FBI released the Product Security Bad Practices catalog to improve software security, especially in critical infrastructure. The document identifies risky software development practices and provides guidelines to mitigate these risks.

CISA Adds Three Vulnerabilities in Windows Kernel, Mozilla Firefox, and SolarWinds Web Help Desk to KEV Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding three critical security vulnerabilities affecting various software, including Microsoft Windows, Mozilla Firefox, and SolarWinds Web Help Desk.

Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations

The Pioneer Kitten attackers are monetizing their access to compromised organizations' networks by selling domain admin credentials and full domain control privileges on cybercrime marketplaces.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags