Apple Fixes Critical macOS Vulnerability April Security Update
Apple Fixes Critical macOS Vulnerability April Security Update Apple has released an urgent security patch to address a critical vulnerability (CVE-2025-24280) affecting macOS Sequoia and macOS Sonoma. This kernel-level flaw, disclosed on April 3, 2025, impacts systems running macOS Sequoia versions prior to 15.4 and macOS Sonoma versions prior to 14.7.5. The vulnerability allows potentially […]
Fortinet Urges Immediate Action on Critical FortiSwitch Vulnerability
Fortinet Urges Immediate Action on Critical FortiSwitch Vulnerability In a recent advisory, Fortinet has sounded the alarm over a critical vulnerability affecting its popular FortiSwitch product line. Tracked as CVE-2024-48887 and rated 9.3 on the CVSS v3 scale, the flaw opens the door for unauthenticated attackers to remotely change the admin password on a FortiSwitch […]
Cisco Patches Two High-Severity Flaws in ECE and Meraki VPN Devices
Cisco Patches Two High-Severity Flaws in ECE and Meraki VPN Devices Cisco has released security updates to fix two newly discovered high-severity vulnerabilities (CVE-2025-20139) and (CVE-2025-20212) impacting its Enterprise Chat and Email (ECE) platform and Meraki MX/Z Series VPN devices. Both flaws could be exploited to cause Denial-of-Service (DoS) conditions, potentially leading to service outages […]
PoisonSeed – A Sophisticated Phishing Campaign Seeks Extensive Crypto Theft
PoisonSeed – A Sophisticated Phishing Campaign Seeks Extensive Crypto Theft PoisonSeed is a sophisticated phishing campaign uncovered by threat analysts, targeting enterprise organizations, VIPs, and cryptocurrency holders. Active in March 2025, it exploits CRM and bulk email providers like Mailchimp, SendGrid, and HubSpot to steal email lists and distribute spam. This includes a unique phishing […]
Critical Vulnerabilities in Ivanti Products Leave Enterprises Exposed to Remote Attacks
Critical Vulnerabilities in Ivanti Products Leave Enterprises Exposed to Remote Attacks Ivanti has released urgent patches addressing four high-severity vulnerabilities9 (CVE-2025-22457, CVE-2025-22467, CVE-2024-38657, and CVE-2024-10644)affecting its widely used Connect Secure (ICS), Policy Secure (IPS), and Secure Access Client (ISAC) products. These flaws open the door to remote code execution, unauthorized file manipulation, and command injection, […]
Apache Traffic Server Flaw Enables HTTP Request Smuggling Attacks
Apache Traffic Server Flaw Enables HTTP Request Smuggling Attacks A critical vulnerability in Apache Traffic Server (ATS) allows attackers to exploit the server’s handling of chunked messages to execute HTTP request smuggling attacks. Identified as CVE-2024-53868, this flaw can result in serious security threats, including firewall bypass, cache poisoning and session hijacking. The vulnerability affects […]
Apple Fixes Recent Zero-Days in Older Devices
Apple Fixes Recent Zero-Days in Older Devices Apple has released backported security patches for older versions of iOS, iPadOS, and macOS, addressing three zero-day vulnerabilities that have been exploited in targeted attacks. These flaws—impacting system authorization, WebKit, and Core Media—enabled privilege escalation and code execution during targeted attacks. Users with older devices are strongly encouraged […]
High-Severity Vulnerability in VMware Tools Allows Privilege Escalation
High-Severity Vulnerability in VMware Tools Allows Privilege Escalation A newly discovered high-severity vulnerability (CVE-2025-22230) in VMware Tools for Windows could allow attackers with limited access inside a virtual machine (VM) to escalate their privileges and execute high-privilege operations. Affecting VMware Tools versions 11.x.x and 12.x.x, this flaw has been assigned a CVSSv3 score of 7.8, […]
Surge in Real Estate Scams Across the Middle East
Surge in Real Estate Scams Across the Middle East A new wave of real estate scams has emerged across the Middle East, targeting individuals and businesses seeking to invest in property. Cybercriminals are using fake property listings, fraudulent investment schemes, and phishing attacks to deceive victims into transferring large sums of money. These scams are […]
Six Million Records Reportedly Stolen in Oracle Cloud Breach
Six Million Records Reportedly Stolen in Oracle Cloud Breach A threat actor known as “rose87168” claims to have breached Oracle Cloud’s authentication systems, allegedly exfiltrating six million records impacting over 140,000 tenants. The stolen data reportedly includes JKS files, encrypted SSO and LDAP passwords and JPS keys, with the attacker demanding payment for data removal. […]