Skip to content
network security Page 112

network security

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25

CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25

Feb 05, 2025Ravie LakshmananVulnerability / Software Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the… 

Read More »CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25
Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access

Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access

Feb 04, 2025Ravie LakshmananVulnerability / Threat Intelligence Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to… 

Read More »Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access
Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections

Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections

Feb 04, 2025Ravie LakshmananVulnerability / Cyber Espionage A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware. The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote… 

Read More »Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections
North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS

North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS

Feb 04, 2025Ravie LakshmananMalware / Cryptocurrency The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job… 

Read More »North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS
Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks

Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks

Taiwan has become the latest country to ban government agencies from using Chinese startup DeepSeek’s Artificial Intelligence (AI) platform, citing security risks. “Government agencies and critical infrastructure should not use DeepSeek, because it endangers national… 

Read More »Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks
AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access

AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access

Feb 04, 2025Ravie LakshmananVulnerability / Hardware Security A security vulnerability has been disclosed in AMD’s Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions. The flaw,… 

Read More »AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access
Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score

Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score

Feb 04, 2025The Hacker NewsVulnerability / Cloud Security Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their… 

Read More »Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score
Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104

Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104

Feb 04, 2025Ravie LakshmananVulnerability / Mobile Security Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild. The vulnerability… 

Read More »Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104
Microsoft SharePoint Connector Flaw Could’ve Enabled Credential Theft Across Power Platform

Microsoft SharePoint Connector Flaw Could’ve Enabled Credential Theft Across Power Platform

Feb 04, 2025Ravie LakshmananVulnerability / SharePoint Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user’s… 

Read More »Microsoft SharePoint Connector Flaw Could’ve Enabled Credential Theft Across Power Platform