Actively Exploited
Palo Alto Networks tags new firewall bug as exploited in attacks
Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active attacks. The vendor first disclosed the authentication bypass vulnerability tracked as CVE-2025-0108 on February 12, 2025, releasing patches to fix the vulnerability. That same day, Assetnote […]
Hackers exploit authentication bypass in Palo Alto Networks PAN-OS
Hackers are launching attacks against Palo Alto Networks PAN-OS firewalls by exploiting a recently fixed vulnerability (CVE-2025-0108) that allows bypassing authentication. The security issue received a high-severity score and impacts the PAN-OS management web interface and allows an unauthenticated attacker on the network to bypass authentication and invoke certain PHP scripts, potentially compromising integrity and confidentiality. In […]
SonicWall firewall bug targeted in attacks after PoC exploit release
Attackers are now targeting an authentication bypass vulnerability affecting SonicWall firewalls shortly after the release of proof-of-concept (PoC) exploit code. This security flaw (CVE-2024-53704), tagged by CISA as critical severity and found in the SSLVPN authentication mechanism, impacts SonicOS versions 7.1.x (up to 7.1.1-7058), 7.1.2-7019, and 8.0.0-8035, used by multiple models of Gen 6 and […]
Surge in attacks exploiting old ThinkPHP and ownCloud flaws
Increased hacker activity has been observed in attempts to compromise poorly maintained devices that are vulnerable to older security issues from 2022 and 2023. Threat monitoring platform GreyNoise is reporting spikes in actors leveraging CVE-2022-47945 and CVE-2023-49103 that affect ThinkPHP Framework and the open-source ownCloud solution for file sharing and syncing. Both vulnerabilities have critical severity and can be exploited […]
Fortinet discloses second firewall auth bypass patched in January
Furthermore, even though today’s updated advisory indicates that both flaws were exploited in attacks and even includes a workaround for the new CSF proxy requests exploitation pathway, Fortinet says that only CVE-2024-55591 was exploited. Fortinet told GeekFeed that if a customer previously upgraded based on the guidance in FG-IR-24-535 / CVE-2024-55591, then they are already protected against the […]
Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers
Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access. Trimble Cityworks is a Geographic Information System (GIS)-centric asset management and work order management software designed primarily for local governments, utilities, and public works organizations. The […]
Critical RCE bug in Microsoft Outlook now exploited in attacks
CISA warned U.S. federal agencies on Thursday to secure their systems against ongoing attacks targeting a critical Microsoft Outlook remote code execution (RCE) vulnerability. Discovered by Check Point vulnerability researcher Haifei Li and tracked as CVE-2024-21413, the flaw is caused by improper input validation when opening emails with malicious links using vulnerable Outlook versions. The attackers […]
Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware
Hackers are targeting vulnerable SimpleHelp RMM clients to create administrator accounts, drop backdoors, and potentially lay the groundwork for ransomware attacks. The flaws are tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728 and were reported as potentially actively exploited by Arctic Wolf last week. However, the cybersecurity firm could not confirm for sure if the flaws were used. Cybersecurity firm Field […]
CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks
The US Cybersecurity & Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies and large organizations to apply the available security updates as soon as possible. Among them are flaws impacting Microsoft .NET Framework and Apache OFBiz (Open For Business), two widely used software applications. Though the agency […]
Zyxel won’t patch newly exploited flaws in end-of-life routers
Zyxel has issued a security advisory about actively exploited flaws in CPE Series devices, warning that it has no plans to issue fixing patches and urging users to move to actively supported models. VulnCheck discovered the two flaws in July 2024, but last week, GreyNoise reported having seen exploitation attempts in the wild. According to network […]