Ivanti zero-days chained together in at least 3 attacks, authorities warn
Attackers exploited and chained multiple previously disclosed Ivanti Cloud Service Appliance vulnerabilities together in different sequences to intrude at least three victim organizations, federal officials said Wednesday in a joint advisory. The FBI and CISA said four vulnerabilities Ivanti disclosed in September and October were exploited by attackers to gain initial access, conduct remote code execution, obtain credentials and implant webshells on victim networks. READ MORE...
Hackers get $886,250 for 49 zero-days at Pwn2Own Automotive 2025
?The Pwn2Own Automotive 2025 hacking contest has ended with security researchers collecting $886,250 after exploiting 49 zero-days. Throughout the event, they targeted automotive software and products, including electric vehicle (EV) chargers, car operating systems (i.e., Android Automotive OS, Automotive Grade Linux, and BlackBerry QNX), and in-vehicle infotainment (IVI) systems. READ MORE...
QNAP fixes six Rsync vulnerabilities in NAS backup, recovery app
QNAP has fixed six rsync vulnerabilities that could let attackers gain remote code execution on unpatched Network Attached Storage (NAS) devices. Rsync is an open-source file synchronization tool that supports direct file syncing via its daemon, SSH transfers via SSH, and incremental transfers that save time and bandwidth. It's widely used by many backup solutions like Rclone, DeltaCopy, and ChronoSync, as well as in cloud and server management operations and public file distribution. READ MORE...
SonicWall pushes urgent patch for its SMA appliance
A critical security flaw has been identified and potentially exploited in SonicWall's Secure Mobile Access (SMA) 1000 series appliances, sparking significant concern among cybersecurity experts and users worldwide. The vulnerability, registered as CVE-2025-23006, allows remote, unauthenticated attackers to execute arbitrary operating system commands under certain conditions. READ MORE...
Backdoor infecting VPNs used "magic packets" for stealth and security
When threat actors use backdoor malware to gain access to a network, they want to make sure all their hard work can't be leveraged by competing groups or detected by defenders. One countermeasure is to equip the backdoor with a passive agent that remains dormant until it receives what's known in the business as a "magic packet." On Thursday, researchers revealed that a never-before-seen backdoor that quietly took hold of dozens of enterprise VPNs running Junos OS has been doing just that. READ MORE...
Subaru Starlink Vulnerability Exposed Cars to Remote Hacking
A vulnerability in Subaru's Starlink connected vehicle service provided unrestricted access to the accounts of customers in the US, Canada, and Japan, security researcher Sam Curry says. Starlink, the in-vehicle infotainment system for Subaru vehicles, provided remote functionality that could be accessed from an administrator portal that only employees should have access to. READ MORE...
One of Salt Typhoon's favorite flaws still wide open on 91% of at-risk Exchange Servers
One of the critical security flaws exploited by China's Salt Typhoon to breach US telecom and government networks has had a patch available for nearly four years - yet despite repeated warnings from law enforcement and private-sector security firms, nearly all public-facing Microsoft Exchange Server instances with this vulnerability remain unpatched. According to Tenable, 91 percent of the nearly 30,000 openly reachable instances of Exchange have not been updated to close the hole. READ MORE...
- ...in 1908, the first Boy Scout troop is organized in England by Robert Baden-Powell.
- ...in 1947, singer-songwriter Warren Zevon ("Werewolves of London", "Lawyers, Guns and Money") is born in Chicago, IL.
- ...in 1978, comedian and cartoon voice artist Kristen Schaal ("Bob's Burgers", "Gravity Falls") is born in Longmont, CO.
- ...in 1984, the Apple Macintosh personal computer is first sold in the United States.
