Collaborate Disseminate
A vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication, a backup, ransomware protection and disaster recovery solution designed for organizations of all sizes and managed service providers (MSPs), is being actively exploited. The US Cybersec… Continue reading NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248)
Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup & Replication solution, and is urging customers to quickly upgrade to a fixed version. There is currently no indicat… Continue reading Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)
150 abandoned Amazon S3 buckets could have been leveraged to deliver malware or backdoors to governments and Fortune companies.
The post Abandoned Amazon S3 Buckets Enabled Attacks Against Governments, Big Firms appeared first on SecurityWeek.
Continue reading Abandoned Amazon S3 Buckets Enabled Attacks Against Governments, Big Firms
The number of internet-facing Ivanti Connect Secure instances vulnerable to attack via CVE-2025-0282 has fallen from 2,048 to 800 in the last four days, the Shadowserver Foundation shared today. In the meantime, UK domain registry Nominet became the fi… Continue reading UK domain registry Nominet breached via Ivanti zero-day
A zero-day vulnerability in the Mitel MiCollab enterprise collaboration suite can be exploited to read files containing sensitive data, watchTowr researcher Sonny Macdonald has disclosed, and followed up by releasing a proof-of-concept (PoC) exploit th… Continue reading Mitel MiCollab zero-day and PoC exploit unveiled
Last week, CISA added CVE-2024-23113 – a critical vulnerability that allows unauthenticated remote code/command execution on unpatched Fortinet FortiGate firewalls – to its Known Exploited Vulnerabilities catalog, thus confirming that it… Continue reading 87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113)
watchTowr announced a $19 million Series A funding round led by Peak XV, formerly known as Sequoia India & Southeast Asia, with repeat participation from Prosus Ventures and Cercano Management. The company will use the funds to capture market lead… Continue reading watchTowr raises $19 million to accelerate global growth
CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and reported by Code WHite researcher Florian Hauser, the vulnerability can be leveraged… Continue reading Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)
Progress Software has patched one critical (CVE-2024-5805) and one high-risk (CVE-2024-5806) vulnerability in MOVEit, its widely used managed file transfer (MFT) software product. According to WatchTowr Labs researchers, the company has been privately … Continue reading Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806)
An OS command injection vulnerability in Windows-based PHP (CVE-2024-4577) in CGI mode is being exploited by the TellYouThePass ransomware gang. Imperva says the attacks started on June 8, two days after the PHP development team pushed out fixes, and o… Continue reading PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577)