Vulnerabilities & Exploits

01 Apr
Ransomware Group Revives Log4j2 Flaw to Hit Hospitals, Factories, Banks

A known ransomware syndicate has resurfaced an old but unpatched Log4j2 vulnerability to launch a multi‑stage attack chain. The
1 min read
31 Mar
State‑Backed Espionage Hijacks EDA Tools, Steals Chip Design Secrets

The Cybersecurity and Infrastructure Security Agency (CISA) disclosed a coordinated espionage campaign by a nation‑state actor that infiltrated electronic
1 min read
31 Mar
Critical Windows Kernel Zero‑Day Weaponized Against Banks in NA and EU

Microsoft’s Security Response Center has disclosed a critical zero‑day vulnerability in the Windows kernel that grants attackers system‑
1 min read
31 Mar
Critical XFS Kernel Flaw (CVE‑2024‑2150) Lets Cloud Containers Escape to Root

CVE‑2024‑2150 is a critical Linux kernel vulnerability that arises from malformed XFS filesystem operations. The flaw allows a
1 min read
31 Mar
Critical Exchange Server Zero‑Day Exploited in the Wild – Patch Now

Microsoft disclosed a critical zero‑day vulnerability (CVE‑2024‑XXXXX) in on‑premises Exchange Server that permits unauthenticated attackers to
1 min read
30 Mar
Microsoft Releases Critical Exchange Server Patch to Close ProxyLogon Gaps

Microsoft has published a cumulative update for on‑premises Exchange Server that finally patches the remaining ProxyLogon flaws first disclosed
1 min read
30 Mar
Chinese APT Hijacks DevOps Updates to Steal Aerospace IP

A Chinese state‑sponsored APT group infiltrated the software‑distribution pipeline of a popular DevOps platform, replacing legitimate update packages
1 min read
30 Mar
Active Exploitation of FortiOS Zero‑Day Threatening Healthcare and Manufacturing

A previously unknown zero‑day flaw in Fortinet’s FortiOS VPN module is being weaponized in the wild. The vulnerability
1 min read
30 Mar
Critical Log4j 2.x Flaw Spurs Immediate Patch Push Across Cloud and Enterprise

A cascade of critical vulnerabilities in Apache Log4j 2.x has been publicly disclosed, prompting major cloud providers and enterprise
1 min read
27 Mar
SolarWinds Issues Emergency Orion Patch After Critical Zero‑Day Revealed

SolarWinds announced an emergency update to its Orion network‑management platform after a critical zero‑day vulnerability was publicly disclosed.
1 min read