Patch/Configuration Management

Vulnerability Management

Credential Exfiltration Possible With Check Point ZoneAlarm Driver Bug

MSSP Alert StaffMarch 24, 2025

CheckPoint acknowledged the flaw and advised customers to run the most updated version of ZoneAlarm.

Vulnerability Management

Updated KEV Catalog From CISA Includes Edimax, NAKIVO, and SAP NetWeaver Bugs

MSSP Alert StaffMarch 21, 2025

CISA ordered federal agencies to fix the trio of bugs by April 9.

DevSecOps

Attacks With Newly Addressed Win32 Bug Ongoing For Two Years

MSSP Alert StaffMarch 13, 2025

Win32 bug patched as part of this month's Patch Tuesday.

Vulnerability Management

Apple Addresses Actively-Exploited Zero-Day In WebKit Browser Engine

MSSP Alert StaffMarch 12, 2025

This most recent flaw is the third zero-day remediated by Apple this year.

Real Php code developing screen. Programing workflow abstract algorithm concept. Lines of Php code visible under magnifying lens.

Vulnerability Management

Targeting Of Critical PHP Vulnerability Expands Globally

MSSP Alert StaffMarch 10, 2025

Exploit of PHP expands beyond Japan and into United States and Singapore.

Patch/Configuration Management

Apple iOS Flaw Enables USB Lockout Evasion

MSSP Alert StaffFebruary 19, 2025

Quarkslab researchers advise applying the iOS 18.3.1 patch.

The United States Treasury Department building in Washington, D.C.

Vulnerability Management

New PostgreSQL Zero-Day Potentially Leveraged in BeyondTrust Attacks

MSSP Alert StaffFebruary 14, 2025

SecurityWeek reports that open-source database management system PostgreSQL has been impacted by a new zero-day flaw, tracked as CVE-2025-1094, which has been leveraged as part of the attacks against vulnerable BeyondTrust Remote Support systems that impacted the U.S. Treasury Department.

Vulnerability Management

Active Exploitation of Years-old ThinkPHP, ownCloud Bugs Spike

MSSP Alert StaffFebruary 13, 2025

BleepingComputer reports that attacks leveraging old critical ThinkPHP Framework and ownCloud file sharing and syncing platform vulnerabilities to facilitate arbitrary operating system command execution and data compromise have surged in recent days.

Patch/Configuration Management

Credential Exfiltration Possible With Check Point ZoneAlarm Driver Bug

Updated KEV Catalog From CISA Includes Edimax, NAKIVO, and SAP NetWeaver Bugs

Attacks With Newly Addressed Win32 Bug Ongoing For Two Years

Apple Addresses Actively-Exploited Zero-Day In WebKit Browser Engine

Targeting Of Critical PHP Vulnerability Expands Globally

Apple iOS Flaw Enables USB Lockout Evasion

New PostgreSQL Zero-Day Potentially Leveraged in BeyondTrust Attacks

Active Exploitation of Years-old ThinkPHP, ownCloud Bugs Spike

Fast Five

Selected by the SC Media Editorial team every Tuesday.

Cookies