Microsoft’s January 2025 Patch Tuesday update fixes 161 vulnerabilities, including three critical zero-day exploits affecting Hyper-V, which are currently under active exploitation.
Microsoft’s January 2025 Patch Tuesday update addresses 159 vulnerabilities, including critical flaws in Windows Remote Desktop Services and Microsoft Outlook, with several actively exploited vulnerabilities requiring immediate attention.
The UK’s NCSC and the US CISA have warned Ivanti customers to address two critical vulnerabilities in Ivanti Connect Secure and related products, with evidence of active exploitation linked to cyber threat groups.
A critical zero-day vulnerability, CVE-2024-49138, in the Microsoft Windows Common Log File System Driver poses significant risks, allowing local attackers to execute arbitrary code and elevate privileges, with active exploitation reported.
Google’s OSS-Fuzz team has enhanced their AI-driven fuzzing tool, discovering 26 vulnerabilities, including a critical flaw in OpenSSL that has existed for nearly 20 years.
The Five Eyes Alliance has raised an alert about a significant increase in cyber attackers exploiting previously unknown vulnerabilities, with the National Cyber Security Centre identifying the top 15 most exploited vulnerabilities of the year, including critical flaws in Citrix, Cisco, and Fortinet products.
Cybersecurity researchers have identified six critical vulnerabilities in the Ollama AI framework that could be exploited for denial-of-service attacks, model poisoning, and model theft through a single HTTP request.
Researchers from Google’s Project Zero and Google DeepMind have identified a zero-day memory-safety vulnerability in SQLite, marking a significant advancement in AI-assisted vulnerability research.
Google has issued an urgent alert for nearly 2 billion Windows users to update their Chrome browser to address critical security vulnerabilities, including a remote code execution flaw discovered by Apple’s SEAR team.
The US Cybersecurity and Infrastructure Security Agency has warned manufacturing companies of significant vulnerabilities in Rockwell Automation and Mitsubishi Electric’s industrial control systems, which could lead to unauthorized access and denial-of-service attacks.
