Hack Reports - Latest Cybersecurity News, Trends & Updates

Sign in Subscribe

Vulnerability Exploits

Ivanti warns of new Connect Secure flaw used in zero-day attacks - BleepingComputer

Ivanti warns of new Connect Secure flaw used in zero-day attacks - BleepingComputer

Ivanti has recently issued a warning about a new zero-day vulnerability in its Connect Secure product, which has been exploited by hackers to install malware on appliances. Here are the key details: Key Highlights: 1. Vulnerability Details: * The vulnerability, tracked as CVE-2025-0282, is a critical (CVSS 9.0) stack-based buffer

Ivanti warns of new Connect Secure flaw used in zero-day attacks

Ivanti warns of new Connect Secure flaw used in zero-day attacks

The latest news on the Ivanti Connect Secure vulnerability involves a zero-day attack that was recently disclosed and addressed by Ivanti. Here are the key highlights: 1. Vulnerability Disclosure: * Ivanti has disclosed two vulnerabilities affecting its Connect Secure, Policy Secure, and Neurons for Zero Trust Access (ZTA) gateways14. * The vulnerabilities

Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) - Help Net Security

Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282) - Help Net Security

As of January 8, 2025, there is no specific information available on a CVE-2025-0282 exploit for Ivanti Connect Secure. However, there have been recent reports and advisories regarding Ivanti's vulnerabilities, particularly in the context of zero-day exploits and remote code execution. Key Points: 1. Ivanti Vulnerabilities: In 2024,

Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens

Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens

Latest News on KerioControl Firewall CSRF Vulnerability and CSRF Token Theft Summary: Hackers are exploiting a critical CRLF injection vulnerability (CVE-2024-52875) in KerioControl, a firewall solution, to steal admin CSRF tokens, leading to potential 1-click remote code execution (RCE) attacks1. Detailed Context: 1. Vulnerability Details: * CVE-2024-52875: This is a critical

Zero-day vulnerability in Sonicwall SSL VPN is attacked - heise online

Zero-day vulnerability in Sonicwall SSL VPN is attacked - heise online

Latest News on SonicWall SSL VPN Vulnerability (January 2025) Summary: In January 2025, SonicWall announced updates to address actively attacked vulnerabilities in SonicOS, including a zero-day vulnerability in the SSL VPN and SSH management. The updates aim to close security gaps that are currently being exploited in the wild. Key

CISA warns of critical Oracle, Mitel flaws exploited in attacks

CISA warns of critical Oracle, Mitel flaws exploited in attacks

Latest News on CISA, Oracle, and Mitel Vulnerabilities CISA Warnings and Vulnerabilities 1. Mitel MiCollab Vulnerabilities: * CVE-2024-35286 and CVE-2024-41713: Security flaws in Mitel MiCollab have been identified, which could allow unauthorized access and arbitrary file read vulnerabilities24. * Path Traversal Vulnerability: Mitel MiCollab contains a path traversal vulnerability that could allow

Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers

Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers

Latest News on Illumina iSeq 100 Security Vulnerability: Researchers have recently uncovered a significant security flaw in the Illumina iSeq 100 DNA sequencing instrument. The vulnerability lies in the outdated BIOS firmware, which lacks Secure Boot and standard firmware write protections, making it susceptible to firmware exploits1. Key Highlights: 1.