Assetnote – WindowsTechs.com

Attackers are chaining flaws to breach Palo Alto Networks firewalls

Posted on February 19, 2025 by Zeljka Zorz

Exploitation attempts targeting CVE-2025-0108, a recently disclosed authentication bypass vulnerability affecting the management web interface of Palo Alto Networks’ firewalls, are ramping up. “GreyNoise now sees 25 malicious IPs actively e… Continue reading Attackers are chaining flaws to breach Palo Alto Networks firewalls→

PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108)

Posted on February 13, 2025 by Zeljka Zorz

Palo Alto Networks has fixed a high-severity authentication bypass vulnerability (CVE-2025-0108) in the management web interface of its next-gen firewalls, a proof-of-concept exploit (PoC) for which has been made public. “Palo Alto Networks is no… Continue reading PAN-OS authentication bypass hole plugged, PoC is public (CVE-2025-0108)→

Citrix Bleed: Mass exploitation in progress (CVE-2023-4966)

Posted on October 30, 2023 by Zeljka Zorz

CVE-2023-4966, aka “Citrix Bleed”, a critical information disclosure vulnerability affecting Citrix NetScaler ADC/Gateway devices, is being massively exploited by threat actors. According to security researcher Kevin Beaumont’s cybers… Continue reading Citrix Bleed: Mass exploitation in progress (CVE-2023-4966)→

Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044)

Posted on October 2, 2023 by Helga Labus

Progress Software, the company behind the recently hacked MOVEit file-sharing tool, has recently fixed two critical vulnerabilities (CVE-2023-40044, CVE-2023-42657) in WS_FTP Server, another popular secure file transfer solution. Proof-of-concept code … Continue reading Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044)→

Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders.

Posted on August 22, 2023 by BrianKrebs

In large metropolitan areas, tourists are often easy to spot because they’re far more inclined than locals to gaze upward at the surrounding skyscrapers. Security experts say this same tourist dynamic is a dead giveaway in virtually all computer intrusions that lead to devastating attacks like ransomware, and that more organizations should set simple virtual tripwires that sound the alarm when authorized users and devices are spotted exhibiting this behavior. Continue reading Tourists Give Themselves Away by Looking Up. So Do Most Network Intruders.→

Easily exploitable flaw in Oracle Opera could spell trouble for hotel chains (CVE-2023-21932)

Posted on May 2, 2023 by Zeljka Zorz

A recently patched vulnerability (CVE-2023-21932) in Oracle Opera, a property management system widely used in large hotel and resort chains, is more critical than Oracle says it is and could be easily exploited by unauthenticated remote attackers to a… Continue reading Easily exploitable flaw in Oracle Opera could spell trouble for hotel chains (CVE-2023-21932)→