Rapid7 – WindowsTechs.com

Is Ivanti the problem or a symptom of a systemic issue with network devices?

Posted on April 14, 2025 by Matt Kapko

Network edge devices — hardware that powers firewalls, VPNs and network routers — have quickly moved up the list of attackers’ preferred intrusion points into enterprise networks. While dozens of companies make and sell these devices, customers of one company in particular — Ivanti — have confronted exploited vulnerabilities in their products more than any […]

The post Is Ivanti the problem or a symptom of a systemic issue with network devices? appeared first on CyberScoop.

Continue reading Is Ivanti the problem or a symptom of a systemic issue with network devices?→

Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle

Posted on April 11, 2025 by Ryan Naraine

The CVE-2025-22457 has already been exploited by a China-nexus hacking gang notorious for breaking into edge network devices.
The post Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle appeared first on SecurityWeek.
Continue reading Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle→

Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825)

Posted on April 1, 2025 by Zeljka Zorz

Exploitation attempts targeting the CVE-2025-2825 vulnerability on internet-facing CrushFTP instances are happening, the Shadowserver Foundation has shared on Monday, and the attackers have been leveraging publicly available PoC exploit code. What can … Continue reading Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825)→

Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)

Posted on March 20, 2025 by Zeljka Zorz

Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup & Replication solution, and is urging customers to quickly upgrade to a fixed version. There is currently no indicat… Continue reading Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)→

Microsoft: 6 Zero-Days in March 2025 Patch Tuesday

Posted on March 11, 2025 by BrianKrebs

Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation. Continue reading Microsoft: 6 Zero-Days in March 2025 Patch Tuesday→

Microsoft patches 57 vulnerabilities, including 6 zero-days

Posted on March 11, 2025 by Matt Kapko

More than three-quarters of the vulnerabilities covered in the vendor’s monthly Patch Tuesday update are high-severity flaws.

The post Microsoft patches 57 vulnerabilities, including 6 zero-days appeared first on CyberScoop.

Continue reading Microsoft patches 57 vulnerabilities, including 6 zero-days→

Cybersecurity needs a leader, so let’s stop debating and start deciding

Posted on February 25, 2025 by Help Net Security

Have you ever heard anyone earnestly ask in a business, “Who owns legal?” or “Who sets the financial strategy?” Probably not – it should be obvious, right? Yet, when it comes to cybersecurity, the question of ownership still seems to spark endless deba… Continue reading Cybersecurity needs a leader, so let’s stop debating and start deciding→

A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094)

Posted on February 17, 2025 by Zeljka Zorz

The suspected Chinese state-sponsored hackers who breached workstations of several US Treasury employees in December 2024 did so by leveraging not one, but two zero-days, according to Rapid7 researchers. It was initially reported that the attackers com… Continue reading A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094)→

Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation

Posted on February 13, 2025 by Ryan Naraine

Rapid7 finds a new zero-day vulnerability in PostgreSQL and links it to chain of attacks against a BeyondTrust Remote Support product.
The post Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation appeared first on SecurityWeek.
Continue reading Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation→

Microsoft Patch Tuesday, February 2025 Edition

Posted on February 12, 2025 by BrianKrebs

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited. Continue reading Microsoft Patch Tuesday, February 2025 Edition→