This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T16:09:08+00:00 www.secnews.physaphae.fr InfoSecurity Mag - InfoSecurity Magazine The US Cybersecurity and Infrastructure Security Agency has added two flaws affecting SonicWall products to its catalog of Known Exploited Vulnerabilities]]> 2025-05-02T14:00:00+00:00 https://www.infosecurity-magazine.com/news/cisa-exploitation-sonicwall/ www.secnews.physaphae.fr/article.php?IdArticle=8670593 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine UK retailers including Harrods, M&S, and the Co-op are under a surge of cyber-attacks that may be linked by a common supplier or shared technological vulnerability]]> 2025-05-02T09:05:00+00:00 https://www.infosecurity-magazine.com/news/harrods-uk-retailer-fall-victim-to/ www.secnews.physaphae.fr/article.php?IdArticle=8670485 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Google claims 19% more zero-day bugs were exploited in 2024 than 2022 as threat actors focus on security products]]> 2025-04-29T10:00:00+00:00 https://www.infosecurity-magazine.com/news/zeroday-exploitation-surges-19-two/ www.secnews.physaphae.fr/article.php?IdArticle=8669407 False Vulnerability,Threat None 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine 50% of mobile devices run outdated operating systems, increasing vulnerability to cyber-attacks, according to the latest report from Zimperium]]> 2025-04-28T13:30:00+00:00 https://www.infosecurity-magazine.com/news/50-mobile-devices-run-outdated/ www.secnews.physaphae.fr/article.php?IdArticle=8669010 False Vulnerability,Mobile None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A maximum severity flaw affecting SAP NetWeaver has been exploited by threat actors]]> 2025-04-25T15:30:00+00:00 https://www.infosecurity-magazine.com/news/sap-fixes-critical-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8667728 False Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Backslash Security found that naïve prompts resulted in code vulnerable to at least four of the of the 10 most common vulnerabilities across popular LLMs]]> 2025-04-25T09:30:00+00:00 https://www.infosecurity-magazine.com/news/llms-vulnerable-code-default/ www.secnews.physaphae.fr/article.php?IdArticle=8667587 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A critical path traversal vulnerability in Commvault\'s backup and replication solutions has been reported]]> 2025-04-24T14:00:00+00:00 https://www.infosecurity-magazine.com/news/critical-vulnerability-commvault/ www.secnews.physaphae.fr/article.php?IdArticle=8667181 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine After a 180% rise in last year\'s report, the exploitation of vulnerabilities continues to grow, now accounting for 20% of all breaches]]> 2025-04-23T15:15:00+00:00 https://www.infosecurity-magazine.com/news/verizon-dbir-jump-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8666716 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Mandiant\'s M-Trends report found that credential theft rose significantly in 2024, driven by the growing use of infostealers]]> 2025-04-23T13:01:00+00:00 https://www.infosecurity-magazine.com/news/vulnerability-credential-initial/ www.secnews.physaphae.fr/article.php?IdArticle=8666642 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine An NTLM hash disclosure spoofing vulnerability that leaks hashes with minimal user interaction has been observed being exploited in the wild]]> 2025-04-17T15:45:00+00:00 https://www.infosecurity-magazine.com/news/ntlm-hash-exploit-targets-poland/ www.secnews.physaphae.fr/article.php?IdArticle=8664113 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Hertz has confirmed a data breach exposing customer data after a zero-day attack targeting file transfer software from Cleo Communications]]> 2025-04-16T15:00:00+00:00 https://www.infosecurity-magazine.com/news/hertz-data-breach-exposes-customer/ www.secnews.physaphae.fr/article.php?IdArticle=8663591 False Data Breach,Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Pentesting firm Cobalt has found that organizations fix less than half of exploited vulnerabilities, with just 21% of generative AI flaws addressed]]> 2025-04-15T10:15:00+00:00 https://www.infosecurity-magazine.com/news/organizations-fix-half/ www.secnews.physaphae.fr/article.php?IdArticle=8663041 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The NVD program manager has announced undergoing process improvements to catch up with its growing vulnerability backlog]]> 2025-04-11T15:05:00+00:00 https://www.infosecurity-magazine.com/news/nvd-revamps-operations-cve-surge/ www.secnews.physaphae.fr/article.php?IdArticle=8661769 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Rockwell Automation, Hitachi Energy and Inaba Denki Sangyo have products affected by critical vulnerabilities carrying severity ratings as high as 9.9]]> 2025-04-11T08:00:00+00:00 https://www.infosecurity-magazine.com/news/cyble-urges-critical-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8661629 False Vulnerability,Industrial None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Microsoft has issued security updates to fix 130+ vulnerabilities this month, including one zero-day]]> 2025-04-09T09:45:00+00:00 https://www.infosecurity-magazine.com/news/microsoft-fixes-130-cves-april/ www.secnews.physaphae.fr/article.php?IdArticle=8661098 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine NIST marks CVEs pre-2018 as “Deferred” in the NVD as agency focus shifts to managing emerging threats]]> 2025-04-08T15:00:00+00:00 https://www.infosecurity-magazine.com/news/nist-defers-pre-2018-cves/ www.secnews.physaphae.fr/article.php?IdArticle=8660954 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-31161 to its Known Exploited Vulnerabilities (KEV) catalog]]> 2025-04-08T11:20:00+00:00 https://www.infosecurity-magazine.com/news/crushftp-vulnerability-cisa-kev/ www.secnews.physaphae.fr/article.php?IdArticle=8660926 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Mandiant warned that Chinese espionage actor UNC5221 is actively exploiting a critical Ivanti vulnerability, which can lead to remote code execution]]> 2025-04-04T10:04:00+00:00 https://www.infosecurity-magazine.com/news/chinese-state-hackers-ivanti-flaw/ www.secnews.physaphae.fr/article.php?IdArticle=8660207 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A critical authentication bypass flaw in CrushFTP is under active exploitation following a mishandled disclosure process]]> 2025-04-03T15:00:00+00:00 https://www.infosecurity-magazine.com/news/crushftp-flaw-exploited-disclosure/ www.secnews.physaphae.fr/article.php?IdArticle=8660062 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine CISA recommends immediate action to address malware variant RESURGE exploiting Ivanti vulnerability CVE-2025-0282]]> 2025-03-31T15:45:00+00:00 https://www.infosecurity-magazine.com/news/malware-resurge-exploits-ivanti/ www.secnews.physaphae.fr/article.php?IdArticle=8659429 False Malware,Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Forescout researchers found multiple vulnerabilities in leading solar power system manufacturers, which could be exploited to cause emergencies and blackouts]]> 2025-03-28T15:30:00+00:00 https://www.infosecurity-magazine.com/news/solar-power-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8658900 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Wiz Security finds four critical RCE vulnerabilities in the Ingress NGINX Controller for Kubernetes]]> 2025-03-25T09:30:00+00:00 https://www.infosecurity-magazine.com/news/ingressnightmare-critical-bugs-40/ www.secnews.physaphae.fr/article.php?IdArticle=8658057 False Vulnerability,Cloud None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A security researcher has observed threat actors exploiting vulnerabilities in a driver used by CheckPoint\'s ZoneAlarm antivirus to bypass Windows security measures]]> 2025-03-21T12:45:00+00:00 https://www.infosecurity-magazine.com/news/cybercriminals-exploit-checkpoint/ www.secnews.physaphae.fr/article.php?IdArticle=8657190 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Newly discovered vulnerability ZDI-CAN-25373 takes advantage of Windows shortcuts has been exploited by 11 state-sponsored groups since 2017]]> 2025-03-19T16:30:00+00:00 https://www.infosecurity-magazine.com/news/zdican25373-exploited-state/ www.secnews.physaphae.fr/article.php?IdArticle=8656731 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The US Cybersecurity and Infrastructure Security Agency added flaws in Fortinet and a popular GitHub Action to its Known Exploited Vulnerabilities catalog]]> 2025-03-19T11:30:00+00:00 https://www.infosecurity-magazine.com/news/fortinet-vulnerability-ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=8656673 False Ransomware,Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Volt Typhoon\'s ten-month intrusion of Littleton Electric Light and Water Departments exposes vulnerabilities in the US electric grid]]> 2025-03-13T17:15:00+00:00 https://www.infosecurity-magazine.com/news/volt-typhoon-threatens-us-ot/ www.secnews.physaphae.fr/article.php?IdArticle=8655593 False Vulnerability,Industrial Guam 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine iOS 18.3.2 patches actively exploited WebKit flaw, addressing critical security risks for users]]> 2025-03-12T17:00:00+00:00 https://www.infosecurity-magazine.com/news/ios-1832-patches-exploited-webkit/ www.secnews.physaphae.fr/article.php?IdArticle=8655336 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Surging machine identities, faster threat detection and fewer vulnerabilities are shaping cloud security according to a new report]]> 2025-03-12T14:30:00+00:00 https://www.infosecurity-magazine.com/news/machine-identities-outnumber/ www.secnews.physaphae.fr/article.php?IdArticle=8655310 False Vulnerability,Threat,Cloud None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The US Cybersecurity and Infrastructure Security Agency (CISA) has added five new flaws in Ivanti and VeraCore products to its Known Exploited Vulnerabilities catalog]]> 2025-03-11T12:00:00+00:00 https://www.infosecurity-magazine.com/news/cisa-kev-ivanti-critical/ www.secnews.physaphae.fr/article.php?IdArticle=8654994 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Travelers found that ransomware groups are focusing on targeting weak credentials on VPN and gateway accounts for initial access, marking a shift from 2023]]> 2025-03-07T14:30:00+00:00 https://www.infosecurity-magazine.com/news/ransomware-repeatable-access/ www.secnews.physaphae.fr/article.php?IdArticle=8654540 False Ransomware,Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine An arbitrary file upload vulnerability in the Chaty Pro plugin has been identified, affecting 18,000 WordPress sites]]> 2025-03-06T17:15:00+00:00 https://www.infosecurity-magazine.com/news/flaw-chaty-pro-plugin-18k/ www.secnews.physaphae.fr/article.php?IdArticle=8654364 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Cloud software firm VMware has issued a critical security advisory, detailing three zero-day vulnerabilities being actively exploited in the wild]]> 2025-03-04T15:45:00+00:00 https://www.infosecurity-magazine.com/news/vmware-patch-exploited-zero-day/ www.secnews.physaphae.fr/article.php?IdArticle=8653451 False Vulnerability,Threat,Cloud None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine CISA has added five more CVEs into its known exploited vulnerabilities catalog]]> 2025-03-04T10:30:00+00:00 https://www.infosecurity-magazine.com/news/cisa-govt-patch-exploited-cisco/ www.secnews.physaphae.fr/article.php?IdArticle=8653364 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Threat actors are exploiting a zero-day bug in Paragon Partition Manager\'s BioNTdrv.sys driver during ransomware attacks]]> 2025-03-03T09:35:00+00:00 https://www.infosecurity-magazine.com/news/byovd-zero-day-paragon-partition/ www.secnews.physaphae.fr/article.php?IdArticle=8652921 False Ransomware,Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Four in ten flaws exploited by threat actors in 2024 were from 2020 or earlier, with some dating back to the 1990s, according to a GreyNoise report]]> 2025-02-28T11:00:00+00:00 https://www.infosecurity-magazine.com/news/old-vulnerabilities-widely/ www.secnews.physaphae.fr/article.php?IdArticle=8651928 False Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Veracode found a 47% increase in the average time taken to patch software vulnerabilities, driven by growing reliance on third-party code]]> 2025-02-27T13:00:00+00:00 https://www.infosecurity-magazine.com/news/software-vulnerabilities-nine/ www.secnews.physaphae.fr/article.php?IdArticle=8651599 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Elementor plugin flaw puts 2m WordPress websites at risk, allowing XSS attacks via malicious scripts]]> 2025-02-24T17:00:00+00:00 https://www.infosecurity-magazine.com/news/elementor-plugin-vulnerability-2m/ www.secnews.physaphae.fr/article.php?IdArticle=8650561 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Palo Alto Networks has observed exploit attempts chaining three vulnerabilities in its PAN-OS firewall appliances]]> 2025-02-20T12:45:00+00:00 https://www.infosecurity-magazine.com/news/hackers-chain-exploits-three-palo/ www.secnews.physaphae.fr/article.php?IdArticle=8649229 False Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A flaw in the Jupiter X Core plugin has been identified, allowing upload of malicious SVG files and remote code execution on vulnerable servers]]> 2025-02-19T17:15:00+00:00 https://www.infosecurity-magazine.com/news/wordpress-plugin-flaw-exposes/ www.secnews.physaphae.fr/article.php?IdArticle=8649038 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Vulnerabilities in firewalls from Palo Alto Networks and SonicWall are currently under active exploitation]]> 2025-02-17T09:30:00+00:00 https://www.infosecurity-magazine.com/news/palo-alto-networks-sonicwall/ www.secnews.physaphae.fr/article.php?IdArticle=8648686 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine US agencies have issued a new alert to eliminate buffer overflow vulnerabilities, urging memory-safe programming for secure-by-design software development]]> 2025-02-13T16:30:00+00:00 https://www.infosecurity-magazine.com/news/cisa-fbi-buffer-overflow/ www.secnews.physaphae.fr/article.php?IdArticle=8648397 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine NCSC CTO Ollie Whitehouse discussed a UK government-backed project designed to secure underlying computer hardware, preventing most vulnerabilities from occurring]]> 2025-02-12T15:45:00+00:00 https://www.infosecurity-magazine.com/news/cheri-security-hardware-uk-security/ www.secnews.physaphae.fr/article.php?IdArticle=8648217 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Apple has patched a zero-day vulnerability being exploited in targeted attacks]]> 2025-02-11T10:30:00+00:00 https://www.infosecurity-magazine.com/news/apple-update-extremely/ www.secnews.physaphae.fr/article.php?IdArticle=8648021 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Patchstack urges admins to patch new WordPress ASE plugin vulnerability that lets users restore previous admin privileges]]> 2025-02-06T16:30:00+00:00 https://www.infosecurity-magazine.com/news/wordpress-ase-plugin-flaw/ www.secnews.physaphae.fr/article.php?IdArticle=8647256 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine CISA has identified a backdoor in Contec CMS8000 devices that could allow unauthorized access to patient data and disrupt monitoring functions]]> 2025-02-03T17:15:00+00:00 https://www.infosecurity-magazine.com/news/cisa-warns-backdoor-contec-patient/ www.secnews.physaphae.fr/article.php?IdArticle=8646620 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Cyber reports exposed major security flaws in DeepSeek\'s R1 LLM]]> 2025-01-31T10:37:00+00:00 https://www.infosecurity-magazine.com/news/deepseek-r1-security/ www.secnews.physaphae.fr/article.php?IdArticle=8645199 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The UK\'s National Cyber Security Centre has released a new paper making it easier to assess if a flaw is “unforgivable”]]> 2025-01-30T10:00:00+00:00 https://www.infosecurity-magazine.com/news/ncsc-vendors-erase-unforgivable/ www.secnews.physaphae.fr/article.php?IdArticle=8644698 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine AI-related API vulnerabilities surged 1,205% in 2024, with 99% tied to API flaws, according to a new report by Wallarm]]> 2025-01-29T16:30:00+00:00 https://www.infosecurity-magazine.com/news/ai-surge-record-1205-increase-api/ www.secnews.physaphae.fr/article.php?IdArticle=8644379 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A now-patched vulnerability could have enabled threat actors to remotely control Subaru cars]]> 2025-01-27T11:00:00+00:00 https://www.infosecurity-magazine.com/news/subaru-bug-remote-vehicle-tracking/ www.secnews.physaphae.fr/article.php?IdArticle=8643259 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Threat actors chained Ivanti CSA vulnerabilities for RCE, credential theft & webshell deployment]]> 2025-01-23T16:30:00+00:00 https://www.infosecurity-magazine.com/news/cisa-fbi-warn-chained-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8641656 False Vulnerability,Threat,Cloud None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The network equipment giant urged customers to patch immediately]]> 2025-01-23T12:15:00+00:00 https://www.infosecurity-magazine.com/news/cisco-critical-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8641557 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Murdoc_Botnet used Mirai malware to exploit IoT vulnerabilities, targeting devices globally]]> 2025-01-21T17:00:00+00:00 https://www.infosecurity-magazine.com/news/mirai-variant-targets-cameras/ www.secnews.physaphae.fr/article.php?IdArticle=8640694 False Malware,Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Critical flaws include those in Oracle Supply Chain products]]> 2025-01-21T12:45:00+00:00 https://www.infosecurity-magazine.com/news/oracle-320-vulnerabilities-january/ www.secnews.physaphae.fr/article.php?IdArticle=8640605 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The leak likely comes from a zero-day exploit affecting Fortinet\'s products]]> 2025-01-16T12:50:00+00:00 https://www.infosecurity-magazine.com/news/hacking-group-leaks-config-15k/ www.secnews.physaphae.fr/article.php?IdArticle=8638262 False Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The security provider published mitigation measures to prevent exploitation]]> 2025-01-15T12:00:00+00:00 https://www.infosecurity-magazine.com/news/fortinet-confirms-critical-zero-day/ www.secnews.physaphae.fr/article.php?IdArticle=8637679 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The .uk registry Nominet has been breached by a recently disclosed zero-day vulnerability in Ivanti products]]> 2025-01-14T09:45:00+00:00 https://www.infosecurity-magazine.com/news/uk-registry-nominet-breached/ www.secnews.physaphae.fr/article.php?IdArticle=8637072 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Trend Micro detailed how attackers are using a fake proof-of-concept for a critical Microsoft vulnerability, designed to steal sensitive data from security researchers]]> 2025-01-10T09:15:00+00:00 https://www.infosecurity-magazine.com/news/fake-poc-exploit-researchers/ www.secnews.physaphae.fr/article.php?IdArticle=8635572 False Vulnerability,Threat,Prediction None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Ivanti customers are urged to patch two new bugs in the security vendor\'s products, one of which is being actively exploited]]> 2025-01-09T09:45:00+00:00 https://www.infosecurity-magazine.com/news/critical-ivanti-zeroday-exploited/ www.secnews.physaphae.fr/article.php?IdArticle=8635225 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A newly identified Mirai botnet exploits over 20 vulnerabilities, including zero-days, in industrial routers and smart home devices]]> 2025-01-08T10:45:00+00:00 https://www.infosecurity-magazine.com/news/mirai-botnet-zerodays-routers/ www.secnews.physaphae.fr/article.php?IdArticle=8634847 False Vulnerability,Industrial None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine New research by Security Intelligence has revealed security risks in MLOps platforms including Azure ML, BigML and Google Vertex AI]]> 2025-01-07T17:15:00+00:00 https://www.infosecurity-magazine.com/news/vulnerabilities-mlops-platforms/ www.secnews.physaphae.fr/article.php?IdArticle=8634579 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Moxa has reported two critical vulnerabilities in its routers and network security appliances that could allow system compromise and arbitrary code execution]]> 2025-01-07T16:30:00+00:00 https://www.infosecurity-magazine.com/news/moxa-urges-updates-security/ www.secnews.physaphae.fr/article.php?IdArticle=8634558 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The vulnerabilities, now patched, posed significant risks, including unauthorized file uploads, privilege escalation and SQL injection attacks]]> 2024-12-23T17:15:00+00:00 https://www.infosecurity-magazine.com/news/flaws-wordpress-plugins-wplms/ www.secnews.physaphae.fr/article.php?IdArticle=8629199 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A Morphisec researcher showed how an attacker could manipulate FIRST\'s Exploit Prediction Scoring System (EPSS) using AI]]> 2024-12-19T10:30:00+00:00 https://www.infosecurity-magazine.com/news/epss-exposed-to-adversarial-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8627462 False Tool,Vulnerability,Threat,Prediction None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Two Woffice theme vulnerabilities have been identified that allow attackers to gain unauthorized access and control of unpatched websites]]> 2024-12-12T17:15:00+00:00 https://www.infosecurity-magazine.com/news/security-flaws-wordpress-woffice/ www.secnews.physaphae.fr/article.php?IdArticle=8624146 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Microsoft has patched dozens of vulnerabilities in December, including one zero-day being exploited in the wild]]> 2024-12-11T10:15:00+00:00 https://www.infosecurity-magazine.com/news/microsoft-71-cves-actively/ www.secnews.physaphae.fr/article.php?IdArticle=8623375 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A zero-day vulnerability in Cleo file transfer software is being exploited in data theft attacks]]> 2024-12-11T09:30:00+00:00 https://www.infosecurity-magazine.com/news/zero-day-cleo-file-transfer/ www.secnews.physaphae.fr/article.php?IdArticle=8623344 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Veeam has released patches for critical VSPC flaws, requiring immediate attention from affected service providers]]> 2024-12-05T16:30:00+00:00 https://www.infosecurity-magazine.com/news/veeam-urges-update-patch/ www.secnews.physaphae.fr/article.php?IdArticle=8620160 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine SmokeLoader malware identified targeting Taiwanese firms via phishing, exploiting Microsoft Office vulnerabilities]]> 2024-12-02T14:00:00+00:00 https://www.infosecurity-magazine.com/news/smokeloader-malware-taiwan/ www.secnews.physaphae.fr/article.php?IdArticle=8618675 False Malware,Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine This vulnerability was patched in May 2024 but was only allocated a CVE in November after evidence of exploitation]]> 2024-11-28T13:00:00+00:00 https://www.infosecurity-magazine.com/news/exploit-projectsend-critical/ www.secnews.physaphae.fr/article.php?IdArticle=8618150 False Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Customers of Advantech\'s EKI-6333AC-2G industrial-grade wireless access point have been urged to update their devices to new firmware versions]]> 2024-11-28T11:15:00+00:00 https://www.infosecurity-magazine.com/news/critical-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8618146 False Vulnerability,Industrial None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Russia-backed hackers, known as RomCom, have exploited critical zero-day vulnerabilities in Mozilla Firefox and Windows to launch targeted attacks]]> 2024-11-27T11:00:00+00:00 https://www.infosecurity-magazine.com/news/romcom-apt-zeroday-flaws-firefox/ www.secnews.physaphae.fr/article.php?IdArticle=8617997 False Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The 25 most dangerous software weaknesses between June 2023 and June 2024 are responsible for almost 32,000 vulnerabilities]]> 2024-11-22T10:15:00+00:00 https://www.infosecurity-magazine.com/news/mitre-unveils-top-25-software-flaws/ www.secnews.physaphae.fr/article.php?IdArticle=8615961 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine One of these flaws detected using LLMs was in the widely used OpenSSL library]]> 2024-11-21T14:45:00+00:00 https://www.infosecurity-magazine.com/news/google-oss-fuzz-ai-expose-26/ www.secnews.physaphae.fr/article.php?IdArticle=8615523 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Apple has urged customers to download the security updates, which address vulnerabilities relating to the JavaScriptCore and WebKit frameworks]]> 2024-11-20T12:00:00+00:00 https://www.infosecurity-magazine.com/news/apple-security-update/ www.secnews.physaphae.fr/article.php?IdArticle=8614692 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Helldown ransomware has expanded its reach to target Linux and VMware systems, exploiting Zyxel firewall vulnerabilities and exfiltrating data]]> 2024-11-19T16:30:00+00:00 https://www.infosecurity-magazine.com/news/helldown-ransomware-target-vmware/ www.secnews.physaphae.fr/article.php?IdArticle=8614189 False Ransomware,Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Palo Alto advised users to patch urgently as the vulnerability is critical and actively exploited in the wild]]> 2024-11-19T15:00:00+00:00 https://www.infosecurity-magazine.com/news/palo-alto-patches-critical/ www.secnews.physaphae.fr/article.php?IdArticle=8614130 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The security provider has elevated its warning about a vulnerability affecting firewall management interfaces after observing active exploitation]]> 2024-11-15T15:30:00+00:00 https://www.infosecurity-magazine.com/news/palo-alto-confirms-new-0day/ www.secnews.physaphae.fr/article.php?IdArticle=8611788 False Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The new vulnerability was named “FortiJump Higher” due to its similarity with the “FortiJump” vulnerability discovered in October]]> 2024-11-15T12:15:00+00:00 https://www.infosecurity-magazine.com/news/watchtowr-new-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8611700 False Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The UK\'s financial regulators have discarded plans to force critical suppliers to disclose new vulnerabilities]]> 2024-11-14T09:30:00+00:00 https://www.infosecurity-magazine.com/news/bank-england-uturns-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8610956 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Microsoft has addressed four zero-day vulnerabilities this month, two of which have been exploited]]> 2024-11-13T09:30:00+00:00 https://www.infosecurity-magazine.com/news/microsoft-four-zerodays-november/ www.secnews.physaphae.fr/article.php?IdArticle=8610300 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine watchTowr has found a flaw in Citrix\'s Session Recording Manager that can be exploited to enable unauthenticated RCE against Citrix Virtual Apps and Desktops]]> 2024-11-12T14:00:00+00:00 https://www.infosecurity-magazine.com/news/new-citrix-zeroday-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8609813 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Androxgh0st botnet has expanded, integrating Mozi IoT payloads and targeting web server vulnerabilities]]> 2024-11-07T17:15:00+00:00 https://www.infosecurity-magazine.com/news/androxgh0st-botnet-adopts-mozi/ www.secnews.physaphae.fr/article.php?IdArticle=8607657 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The flaw, an exploitable stack buffer underflow in SQLite, was found by Google\'s Big Sleep team using a large language model (LLM)]]> 2024-11-04T15:00:00+00:00 https://www.infosecurity-magazine.com/news/google-first-vulnerability-found/ www.secnews.physaphae.fr/article.php?IdArticle=8606007 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Multiple vulnerabilities in Rockwell Automation and Mitsubishi products could allow ICS cyber-attacks]]> 2024-11-01T11:45:00+00:00 https://www.infosecurity-magazine.com/news/cisa-critical-vulnerabilities-ics/ www.secnews.physaphae.fr/article.php?IdArticle=8604606 False Vulnerability,Industrial None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The LiteSpeed Cache vulnerability allows administrator-level access, risking security for over 6 million WordPress sites]]> 2024-10-30T17:15:00+00:00 https://www.infosecurity-magazine.com/news/litespeed-cache-plugin-flaw-admin/ www.secnews.physaphae.fr/article.php?IdArticle=8603828 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine In a major security update, Apple has fixed dozens of bugs and vulnerabilities across its operating systems and services]]> 2024-10-30T15:30:00+00:00 https://www.infosecurity-magazine.com/news/apple-security-update-macos-ios/ www.secnews.physaphae.fr/article.php?IdArticle=8603785 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Trend Micro\'s Zero Day Initiative hands out over $1m in awards for Pwn2Own competitors, who found more than 70 zero-day flaws]]> 2024-10-28T10:15:00+00:00 https://www.infosecurity-magazine.com/news/researchers-70-zeroday-bugspwn/ www.secnews.physaphae.fr/article.php?IdArticle=8602770 False Vulnerability,Threat,Prediction None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Lazarus Group exploited Google Chrome zero-day, infecting systems with Manuscrypt malware]]> 2024-10-24T16:00:00+00:00 https://www.infosecurity-magazine.com/news/lazarus-group-exploits-google/ www.secnews.physaphae.fr/article.php?IdArticle=8601571 False Malware,Vulnerability,Threat APT 38 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine This high-severity flaw, dubbed FortiJump by security researcher Kevin Beaumont, has been added to CISA\'s KEV catalog]]> 2024-10-24T10:45:00+00:00 https://www.infosecurity-magazine.com/news/fortinet-exploitation-fortimanager/ www.secnews.physaphae.fr/article.php?IdArticle=8601535 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The cryptographic vulnerabilities were found in Sync, pCloud, Icedrive and Seafile by ETH Zurich]]> 2024-10-21T16:00:00+00:00 https://www.infosecurity-magazine.com/news/flaws-e2ee-cloud-storage-services/ www.secnews.physaphae.fr/article.php?IdArticle=8601266 False Vulnerability,Cloud None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Microsoft urges macOS users to apply a fix for the vulnerability, which it believes may be under active exploitation by the Adload malware family]]> 2024-10-18T13:00:00+00:00 https://www.infosecurity-magazine.com/news/microsoft-macos-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8599717 False Malware,Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine NHS England has issued an alert regarding a critical Veeam Backup & Replication vulnerability that is being actively exploited, potentially leading to remote code execution]]> 2024-10-11T15:00:00+00:00 https://www.infosecurity-magazine.com/news/nhs-england-warns-cve-active/ www.secnews.physaphae.fr/article.php?IdArticle=8596059 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Ivanti\'s Cloud Services Appliance is being targeted by threat actors exploiting three zero-day bugs]]> 2024-10-09T09:15:00+00:00 https://www.infosecurity-magazine.com/news/ivanti-three-csa-zerodays/ www.secnews.physaphae.fr/article.php?IdArticle=8594717 False Vulnerability,Threat,Cloud None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine October\'s Patch Tuesday saw Microsoft patch over 100 CVEs including five zero-day vulnerabilities]]> 2024-10-09T08:30:00+00:00 https://www.infosecurity-magazine.com/news/microsoft-five-zerodays-patch/ www.secnews.physaphae.fr/article.php?IdArticle=8594718 False Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A Black Kite report found that 67% of manufacturing firms have at least one vulnerability from CISA\'s Known Exploited Vulnerabilities (KEV) catalog]]> 2024-10-02T13:00:00+00:00 https://www.infosecurity-magazine.com/news/manufacturing-critical/ www.secnews.physaphae.fr/article.php?IdArticle=8590449 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The vulnerability, discovered by Wiz researchers, affects both cloud-based and on-premises AI applications using the toolkit]]> 2024-09-30T16:15:00+00:00 https://www.infosecurity-magazine.com/news/nvidia-ai-toolkit-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8588969 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The newly identified vulnerabilities exploit improper input validation when managing printer requests over the network]]> 2024-09-30T15:30:00+00:00 https://www.infosecurity-magazine.com/news/rce-vulnerabilities-cups/ www.secnews.physaphae.fr/article.php?IdArticle=8588970 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine CISA adds critical Ivanti bug to its Known Exploited Vulnerabilities catalog]]> 2024-09-25T09:05:00+00:00 https://www.infosecurity-magazine.com/news/critical-ivanti-auth-bypass-bug/ www.secnews.physaphae.fr/article.php?IdArticle=8584579 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The flaws are dangerous as the Houzez theme and Login Register plugin could allow privilege escalation by unauthenticated users]]> 2024-09-23T15:30:00+00:00 https://www.infosecurity-magazine.com/news/vulnerabilities-found-houzez-theme/ www.secnews.physaphae.fr/article.php?IdArticle=8583064 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The US Cybersecurity and Infrastructure Security Agency is trying to eradicate cross-site scripting vulnerabilities]]> 2024-09-18T08:30:00+00:00 https://www.infosecurity-magazine.com/news/cisa-advice-eliminate-xss-bugs/ www.secnews.physaphae.fr/article.php?IdArticle=8578956 False Vulnerability None 2.0000000000000000