Vulnerabilities – Trust our Experience-Get the Best Services

April 16, 2025April 16, 2025

CVE Program Almost Unfunded

Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute.
This is a big deal. The CVE program is one of those pieces of common infrastructure that everyone benefits from. Losing it will bring us back to a world where there’s no single way to talk about vulnerabilities. It’s kind of crazy to think that the US government might damage its own security in this way—but I suppose no crazier than any of the other ways the US is working against its own interests right now…

Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’

April 9, 2025April 9, 2025

Cybersecurity

Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’

Microsoft warns CVE-2025-29824 lets attackers with user access escalate privileges to deploy ransomware via a flaw in Windows CLFS.

Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities

April 2, 2025April 2, 2025

iPhone

Still Using an Older Version of iOS or iPadOS? Update Now to Patch These Critical Security Vulnerabilities

Apple has also fixed vulnerabilities in iPadOS 17.7.6, macOS Sonoma 14.7.5, and macOS Ventura 13.7.5, as well as its recently released iOS 18.4.

Update VMware Tools for Windows Now: High-Severity Flaw Lets Hackers Bypass Authentication

March 26, 2025March 26, 2025

microsoft

Update VMware Tools for Windows Now: High-Severity Flaw Lets Hackers Bypass Authentication

CVE-2025-22230 is described as an “authentication bypass vulnerability” by Broadcom, allowing hackers to perform high-privilege operations without the necessary credentials.

Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk?

March 19, 2025March 19, 2025

remote code execution

Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk?

By simply sending HTTP requests, attackers can trigger the deserialisation of malicious data in Tomcat’s session storage and gain control.

Update Your iPhone Now to Fix Safari Security Flaw

March 14, 2025March 14, 2025

Vulnerabilities

Update Your iPhone Now to Fix Safari Security Flaw

The vulnerability allowed malicious code running inside the Web Content sandbox, an isolated environment for web processes designed to limit security risks, to impact other parts of the device.

Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks

January 15, 2025January 15, 2025

github

Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks

Microsoft’s monthly patches cover Hyper-V NT Kernel Integration VSPs, Git in Visual Studio, and more.

Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others

December 11, 2024December 11, 2024

CXO

Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others

December marked a quiet month with 70 vulnerabilities patched, plus updates from outside of Microsoft.

US Sanctions Chinese Cybersecurity Firm for 2020 Ransomware Attack

December 11, 2024December 11, 2024

sophos

US Sanctions Chinese Cybersecurity Firm for 2020 Ransomware Attack

Chinese cybersecurity firm Sichuan Silence has been sanctioned for exploiting a vulnerability in Sophos firewalls used at critical infrastructure organizations in the U.S.

Category: Vulnerabilities