Ransomware in December 2024—Cl0p returns
December 2024 saw the unwelcome return of the notorious Cl0p ransomware gang.
1 minute
News
December patch Tuesday fixes one actively exploited zero-day vulnerability
Microsoft patched an actively exploited vulnerability in the CLFS component.
1 minute
Update now! November Patch Tuesday tackles 4 zero-days, two actively exploited
Microsoft’s November Patch Tuesday includes fixes for 89 vulnerabilities in total.
3 minutes
Exchange Server 2016 and 2019 have less than a year to live
On October 14, 2025, Exchange Server 2016 and Exchange Server 2019 reach end of support.
2 minutes
How threat actors use AI
OpenAI has published an update on some of the criminal campaigns it has identified and disrupted.
2 minutes
Patch now! Palo Alto Expedition vulnerabilities could leak firewall credentials
A set of vulnerabilities in Palo Alto Networks Expedition could allow an attacker to read database contents and arbitrary files
2 minutes
Update now! Five zero-days fixed October Patch Tuesday
Microsoft’s October Patch Tuesday covers five zero-days, two of which are being actively exploited.
2 minutes
Ransomware insurance is funding cybercrime, says White House official
"This is a troubling practice that must end."
2 minutes
Zimbra SMTP vulnerability is being exploited in numbers
The flaw can be exploited by sending an email with a specially crafted CC field.
1 minute
Hybrid cloud environments are not safe from ransomware
A ransomware affiliate has been found compromising hybrid cloud environments.
3 minutes
Android’s Rusty new code shakes off huge number of memory-safe vulnerabilities
Google has dramatically reduced the number of serious memory safety vulnerabilities in Android by shifting to memory-safe languages.
2 minutes
North Korean IT workers—or how not to solve the IT staff shortage
North Korea has been infiltrating organizations using IT workers with fake identities.
3 minutes
Ivanti patches admin bypass for Cloud Services Appliance
Ivanti has released a security advisory for a critical vulnerability in Ivanti CSA 4.6 which is being actively exploited.
2 minutes
Windows MSHTML vulnerability actively exploited
CISA has added another MSHTML vulnerability rooted in Internet Explorer to its known exploited vulnerabilities catalog
1 minute
Microsoft might kick security vendors out of the Windows kernel
Reducing kernel-level access could undermine security vendors' ability to protect systems effectively.
1 minute
Update now! Critical CVSS 10 vulnerability in Ivanti EPM
Ivanti has released a fix for CVE-2024-29847, a deserialization of untrusted data flaw that allows remote code execution in its…
2 minutes
Update now! Four zero-days fixed in September Patch Tuesday
Microsoft’s September Patch Tuesday covers 79 Microsoft CVEs and includes four actively exploited zero-days.
2 minutes
Ransomware gangs target SonicWall vulnerability
SonicWall is urging customers affected by CVE-2024-40766 to "please apply the patch as soon as possible."
2 minutes
At last! Microsoft calls time on ActiveX in Office 2024
When Office 2024 is released next month, ActiveX controls will be off by default in client apps like Word, Excel,…
2 minutes
Patch now! Zero-day used to target ISPs and MSPs
A patch is now available for a high severity vulnerability in Versa Director that can be used to compromise ISPs,…
2 minutes
