Pierluigi Paganini
January 24, 2025
SonicWall warns customers of a critical zero-day vulnerability in SMA 1000 Series appliances, likely exploited in the wild. SonicWall is warning customers of a critical security vulnerability, tracked as CVE-2025-23006 (CVSS score of 9,8) impacting its Secure Mobile Access (SMA) 1000 Series appliances. The vulnerability is a Pre-authentication deserialization of untrusted data issue in the […]
Pierluigi Paganini
January 23, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds JQuery vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)Â added a JQuery persistent cross-site scripting (XSS) vulnerability, tracked as CVE-2020-11023Â (CVSS score: 6.9) to its Known Exploited Vulnerabilities (KEV) catalog. In jQuery 1.0.3 to 3.4.1, using DOM methods with untrusted HTML containing […]
Pierluigi Paganini
January 23, 2025
Bug hunters earned $129,000 for Tesla charger exploits and over $700,000 total in two days at Pwn2Own Automotive 2025. During Day 2 of Pwn2Own Automotive 2025 organizers awarded $335,500, which brings the event total to $718,250. So far, the researchers have demonstrated 39 unique zero-days. The team SinSinology leads the Master of Pwn chart. Sina […]
Pierluigi Paganini
January 23, 2025
US agencies revealed Chinese threat actors used two advanced exploit chains to breach Ivanti Cloud Service Appliances (CSA). The US government’s cybersecurity and law enforcement revealed that Chinese threat actors used at least two sophisticated exploit chains to compromise Ivanti Cloud Service Appliances (CSA). A CISA and FBI published a joint advisory warning that Chinese hackers […]
Pierluigi Paganini
January 22, 2025
Trend Micro’s Zero Day Initiative (ZDI) announced that $380K was awarded on Day 1 of Pwn2Own Automotive 2025. Trend Micro’s Zero Day Initiative (ZDI) announced that over $380,000 was awarded on Day 1 of Pwn2Own Automotive 2025, a hacking contest that was held in Tokyo. In total, the organizers awarded $382,750 for 16 unique working […]
Pierluigi Paganini
January 22, 2025
Cloudflare announced that it has blocked a record-breaking 5.6 terabit-per-second (Tbps) distributed denial-of-service (DDoS) attack. Cloudflare announced that during the week of Halloween 2024, it autonomously detected and blocked a 5.6 Terabit per second (Tbps) DDoS attack, which is the largest attack ever reported. The previous largest DDoS attack blocked by Cloudflare occurred in October […]
Pierluigi Paganini
January 22, 2025
A vulnerability in the 7-Zip file software allows attackers to bypass the Mark of the Web (MotW) Windows security feature. Attackers can exploit a vulnerability, tracked as CVE-2025-0411, in the free, open-source file archiver software 7-Zip to bypass the Mark of the Web (MotW) Windows security feature. Mark of the Web (MotW) is a security […]
Pierluigi Paganini
January 21, 2025
CERT-UA warned of scammers impersonating the agency, using fake AnyDesk requests to conduct fraudulent security audits. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of cyber scams involving threat actors impersonating the agency by sending fraudulent AnyDesk connection requests under the guise of security audits. CERT-UA pointed out that it uses the software AnyDesk […]
Pierluigi Paganini
January 21, 2025
Kaspersky researchers shared details about multiple vulnerabilities impacting the Mercedes-Benz MBUX infotainment system. Kaspersky published research findings on the first-generation Mercedes-Benz User Experience (MBUX) infotainment system, specifically focusing on the Mercedes-Benz Head Unit. The researchers started from the results of another study conducted by KeenLab on the MBUX internals. The experts used a diagnostic software […]
Pierluigi Paganini
January 20, 2025
HPE is probing claims by the threat actor IntelBroker who is offering to sell alleged stolen source code and data from the company. Last week, the notorious threat actor IntelBroker announced on a popular cybercrime forum the sale of data allegedly stolen from HPE. IntelBroker, known for leaking data from major organizations, made the headlines […]
