Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)

Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup & Replication solution, and is urging customers to quickly upgrade to a fixed version. There is currently no indicat… Continue reading Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)

Microsoft: 6 Zero-Days in March 2025 Patch Tuesday

Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation. Continue reading Microsoft: 6 Zero-Days in March 2025 Patch Tuesday

Microsoft patches 57 vulnerabilities, including 6 zero-days

More than three-quarters of the vulnerabilities covered in the vendor’s monthly Patch Tuesday update are high-severity flaws.

The post Microsoft patches 57 vulnerabilities, including 6 zero-days appeared first on CyberScoop.

Continue reading Microsoft patches 57 vulnerabilities, including 6 zero-days

Cybersecurity needs a leader, so let’s stop debating and start deciding

Have you ever heard anyone earnestly ask in a business, “Who owns legal?” or “Who sets the financial strategy?” Probably not – it should be obvious, right? Yet, when it comes to cybersecurity, the question of ownership still seems to spark endless deba… Continue reading Cybersecurity needs a leader, so let’s stop debating and start deciding

A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094)

The suspected Chinese state-sponsored hackers who breached workstations of several US Treasury employees in December 2024 did so by leveraging not one, but two zero-days, according to Rapid7 researchers. It was initially reported that the attackers com… Continue reading A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094)

Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation

Rapid7 finds a new zero-day vulnerability in PostgreSQL and links it to chain of attacks against a BeyondTrust Remote Support product.
The post Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation appeared first on SecurityWeek.
Continue reading Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation

Microsoft Patch Tuesday, February 2025 Edition

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited. Continue reading Microsoft Patch Tuesday, February 2025 Edition

Microsoft Patch Tuesday, February 2025 Edition

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited. Continue reading Microsoft Patch Tuesday, February 2025 Edition

Ransomware payments plummet as more victims refuse to pay

Chainalysis’ latest report on how the ransomware landscape changed from 2023 to 2024 shows a promising trend: An increasing number of victims refuses to pay the ransom. The total volume of ransom payments decreased year-over-year by approximately… Continue reading Ransomware payments plummet as more victims refuse to pay

Microsoft: Happy 2025. Here’s 161 Security Updates

Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017. Continue reading Microsoft: Happy 2025. Here’s 161 Security Updates