Microsoft’s January 2025 Patch Tuesday update fixes 161 vulnerabilities, including three critical zero-day exploits affecting Hyper-V, which are currently under active exploitation.
The UK’s NCSC and the US CISA have warned Ivanti customers to address two critical vulnerabilities in Ivanti Connect Secure and related products, with evidence of active exploitation linked to cyber threat groups.
A critical zero-day vulnerability, CVE-2024-49138, in the Microsoft Windows Common Log File System Driver poses significant risks, allowing local attackers to execute arbitrary code and elevate privileges, with active exploitation reported.
Google’s OSS-Fuzz team has enhanced their AI-driven fuzzing tool, discovering 26 vulnerabilities, including a critical flaw in OpenSSL that has existed for nearly 20 years.
The Five Eyes Alliance has raised an alert about a significant increase in cyber attackers exploiting previously unknown vulnerabilities, with the National Cyber Security Centre identifying the top 15 most exploited vulnerabilities of the year, including critical flaws in Citrix, Cisco, and Fortinet products.
Researchers from Google’s Project Zero and Google DeepMind have identified a zero-day memory-safety vulnerability in SQLite, marking a significant advancement in AI-assisted vulnerability research.
Google has issued an urgent alert for nearly 2 billion Windows users to update their Chrome browser to address critical security vulnerabilities, including a remote code execution flaw discovered by Apple’s SEAR team.
LightSpy, a sophisticated iOS spyware linked to a suspected state-sponsored group, exploits vulnerabilities in iOS and macOS systems to collect sensitive data and introduce destructive functions, posing a significant threat to Apple device users.
A sophisticated cyber-attack by the Lazarus Group exploited a critical zero-day vulnerability in Google Chrome, targeting cryptocurrency investors and resulting in significant thefts.
Broadcom has issued essential software updates to address severe security vulnerabilities CVE-2024-38812 and CVE-2024-38813 in VMware vCenter Server, which could allow remote code execution and system compromise.
