The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Gladinet CentreStack to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation… Read More »CISA Warns of CentreStack’s Hard-Coded MachineKey Vulnerability Enabling RCE Attacks
Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of… Read More »PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware
Microsoft has released security fixes to address a massive set of 126 flaws affecting its software products, including one vulnerability that it said has been actively exploited in the wild.… Read More »Microsoft Patches 126 Flaws Including Actively Exploited Windows CLFS Vulnerability
Adobe has released security updates to fix a fresh set of security flaws, including multiple critical-severity bugs in ColdFusion versions 2025, 2023 and 2021 that could result in arbitrary file read… Read More »Adobe Patches 11 Critical ColdFusion Flaws Amid 30 Total Vulnerabilities Discovered
Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE-2024-48887, carries a… Read More »Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw
Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate… Read More »Cryptocurrency Miner and Clipper Malware Spread via SourceForge Cracked Software Listings
Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager (SSM) Agent that, if successfully exploited, could permit an attacker to achieve privilege… Read More »Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal
The Computer Emergency Response Team of Ukraine (CERT-UA) has revealed a new set of cyber attacks targeting Ukrainian institutions with information-stealing malware. The activity is aimed at military formations, law… Read More »UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine
Security Operations Centers (SOCs) today face unprecedented alert volumes and increasingly sophisticated threats. Triaging and investigating these alerts are costly, cumbersome, and increases analyst fatigue, burnout, and attrition. While artificial… Read More »Agentic AI in the SOC – Dawn of Autonomous Alert Triage
A recently disclosed critical security flaw impacting CrushFTP has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog after reports emerged… Read More »CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation