🚨 CISA KEV 2[−]
14 Jan KEVCISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active AttacksThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitati…THEHACKERNEWS.COM
14 Jan KEVCISA Adds Four Known Exploited Vulnerabilities to CatalogCISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog , based on evidence of active exploitation. CVE-2024-55591 Fortinet FortiOS Authorization Bypass Vulnerability CVE-2025-21333 Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Bu…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 163[−]
14 JanMicrosoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit InstallationMicrosoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to bypass the operating system's System Integrity Protection (SIP) and install malicious kernel drivers by loading third…THEHACKERNEWS.COM
14 JanIvanti Releases Security Updates for Multiple ProductsIvanti released security updates to address vulnerabilities in Ivanti Avalanche, Ivanti Application Control Engine, and Ivanti EPM. CISA encourages users and administrators to review the following Ivanti security advisories and apply the necessary guidance and updates: Ivan…CISA.GOV
14 JanCVE-2021-45985 Mitre: CVE-2021-45985 Erroneous finalizer call in Lua leads to a heap-based buffer over-readThe following updates have been made: 1) Added Windows Software to the Security Updates table. Microsoft recommends updating to the latest version of their Windows operating system. 2) Added an FAQ to describe further actions customers need to take to be protected from this vulne…MSRC.MICROSOFT.COM
14 JanCVE-2024-50338 GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-managerInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21411 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21413 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21171 .NET Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21210 Windows BitLocker Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21214 Windows BitLocker Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21215 Secure Boot Security Feature Bypass VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21233 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21234 Windows PrintWorkflowUserSvc Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21235 Windows PrintWorkflowUserSvc Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21236 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21237 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21239 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21241 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21242 Windows Kerberos Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21243 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21244 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21248 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21249 Windows Digital Media Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21251 Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21252 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21255 Windows Digital Media Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21257 Windows WLAN AutoConfig Service Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21258 Windows Digital Media Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21260 Windows Digital Media Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21263 Windows Digital Media Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21265 Windows Digital Media Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21266 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21268 MapUrlToZone Security Feature Bypass VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21269 Windows HTML Platforms Security Feature Bypass VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21270 Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21271 Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21272 Windows COM Server Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21277 Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21280 Windows Virtual Trusted Platform Module Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21281 Microsoft COM for Windows Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21282 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21284 Windows Virtual Trusted Platform Module Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21285 Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21288 Windows COM Server Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21289 Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21290 Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21291 Windows Direct Show Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21293 Active Directory Domain Services Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21294 Microsoft Digest Authentication Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21295 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21296 BranchCache Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21297 Windows Remote Desktop Services Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21298 Windows OLE Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21299 Windows Kerberos Security Feature Bypass VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21301 Windows Geolocation Service Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21302 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21303 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21304 Microsoft DWM Core Library Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21306 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21309 Windows Remote Desktop Services Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21314 Windows SmartScreen Spoofing VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21315 Microsoft Brokering File System Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21316 Windows Kernel Memory Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21318 Windows Kernel Memory Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21319 Windows Kernel Memory Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21320 Windows Kernel Memory Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21321 Windows Kernel Memory Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21327 Windows Digital Media Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21176 .NET, .NET Framework, and Visual Studio Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21178 Visual Studio Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21173 .NET Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21341 Windows Digital Media Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21344 Microsoft SharePoint Server Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21345 Microsoft Office Visio Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21346 Microsoft Office Security Feature Bypass VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21348 Microsoft SharePoint Server Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21356 Microsoft Office Visio Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21357 Microsoft Outlook Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21363 Microsoft Word Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21364 Microsoft Excel Security Feature Bypass VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21365 Microsoft Office Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21366 Microsoft Access Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21382 Windows Graphics Component Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21219 MapUrlToZone Security Feature Bypass VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2024-7344 Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot BypassThis CVE was assigned by CERT CC. The purpose of this document is to attest to the fact that the products listed in the Security Updates table have been updated to protect against this vulnerability.MSRC.MICROSOFT.COM
14 JanCVE-2025-21389 Windows upnphost.dll Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21393 Microsoft SharePoint Server Spoofing VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21395 Microsoft Access Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21403 On-Premises Data Gateway Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21405 Visual Studio Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21278 Windows Remote Desktop Gateway (RD Gateway) Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21329 MapUrlToZone Security Feature Bypass VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21328 MapUrlToZone Security Feature Bypass VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21330 Windows Remote Desktop Services Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21220 Microsoft Message Queuing Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21335 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21193 Active Directory Federation Server Spoofing VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21207 Windows Connected Devices Platform Service (Cdpsvc) Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21202 Windows Recovery Environment Agent Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21187 Microsoft Power Automate Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21186 Microsoft Access Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21211 Secure Boot Security Feature Bypass VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21213 Secure Boot Security Feature Bypass VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21224 Windows Line Printer Daemon (LPD) Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21225 Windows Remote Desktop Gateway (RD Gateway) Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21226 Windows Digital Media Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21227 Windows Digital Media Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21228 Windows Digital Media Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21229 Windows Digital Media Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21230 Microsoft Message Queuing (MSMQ) Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21231 IP Helper Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21232 Windows Digital Media Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21256 Windows Digital Media Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21261 Windows Digital Media Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21189 MapUrlToZone Security Feature Bypass VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21273 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21274 Windows Event Tracing Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21275 Windows App Package Installer Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21276 Windows MapUrlToZone Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21286 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21287 Windows Installer Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21292 Windows Search Service Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21300 Windows upnphost.dll Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21305 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21307 Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21310 Windows Digital Media Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21312 Windows Smart Card Reader Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21317 Windows Kernel Memory Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21323 Windows Kernel Memory Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21172 .NET and Visual Studio Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21324 Windows Digital Media Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21331 Windows Installer Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21336 Windows Cryptographic Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21338 GDI+ Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21339 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21340 Windows Virtualization-Based Security (VBS) Security Feature Bypass VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21343 Windows Web Threat Defense User Service Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21360 Microsoft AutoUpdate (MAU) Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21361 Microsoft Outlook Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21370 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21372 Microsoft Brokering File System Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21374 Windows CSC Service Information Disclosure VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21378 Windows CSC Service Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21402 Microsoft Office OneNote Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21218 Windows Kerberos Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21313 Windows Security Account Manager (SAM) Denial of Service VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21332 MapUrlToZone Security Feature Bypass VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21326 Internet Explorer Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21311 Windows NTLM V1 Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21333 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21334 Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21246 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21417 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21250 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21240 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21238 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21223 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21409 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanCVE-2025-21245 Windows Telephony Service Remote Code Execution VulnerabilityInformation published.MSRC.MICROSOFT.COM
14 JanChromium: CVE-2025-0291 Type Confusion in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025 ) for more information.MSRC.MICROSOFT.COM
14 JanCVE-2025-21362 Microsoft Excel Remote Code Execution VulnerabilityUpdated one or more CVSS scores for the affected products. This is an informational change only.MSRC.MICROSOFT.COM
14 JanCVE-2025-21354 Microsoft Excel Remote Code Execution VulnerabilityUpdated one or more CVSS scores for the affected products. This is an informational change only.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 17[−]
14 JanMultiple Vulnerabilities in Fortinet Products Could Allow for Remote Code ExecutionMultiple vulnerabilities have been discovered Fortinet Products, the most severe of which could allow for remote code execution. FortiManager is a network and security management tool that provides centralized management of Fortinet devices from a single console. FortiOS is the F…CISECURITY.ORG
14 JanMultiple Vulnerabilities in Ivanti Avalanche Could Allow for Authentication BypassMultiple Vulnerabilities have been discovered in Ivanti Avalanche, the most severe of which could allow for authentication bypass . Ivanti Avalanche is a mobile device management system. Network security features allow one to manage wireless settings (including encryption and aut…CISECURITY.ORG
14 JanCritical Patches Issued for Microsoft Products, January 14, 2025Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, o…CISECURITY.ORG
14 JanMicrosoft: Happy 2025. Here’s 161 Security UpdatesMicrosoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three "zero-day" weaknesses that are already under active attack. Redmond's inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped…KREBSONSECURITY.COM
14 JanGoogle OAuth Vulnerability Exposes Millions via Failed Startup DomainsNew research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain access to sensitive data. "Google's OAuth login doesn't protect against someone purchasing a failed startup's domain …THEHACKERNEWS.COM
14 Jan4 Reasons Your SaaS Attack Surface Can No Longer be IgnoredWhat do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third party risk. Learn how yo…THEHACKERNEWS.COM
14 JanFortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed InterfacesThreat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. "The campaign involved unauthorized administrative logins on management interfaces of firewalls, creation of new…THEHACKERNEWS.COM
14 Jan KEVMicrosoft January 2025 Patch Tuesday, (Tue, Jan 14th)This month&#;x26;#;39;s Microsoft patch update addresses a total of 209 vulnerabilities, including 12 classified as critical. Among these, 3 vulnerabilities have been actively exploited in the wild, and 5 have been disclosed prior to the patch release,…ISC.SANS.EDU
14 JanCISA Releases Four Industrial Control Systems AdvisoriesCISA released four Industrial Control Systems (ICS) advisories on January 14, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-014-01 Hitachi Energy FOXMAN-UN ICSA-25-014-02 Schneider Electric …CISA.GOV
14 JanAdobe Releases Security Updates for Multiple ProductsAdobe released security updates to address vulnerabilities in multiple Adobe software products including Adobe Photoshop, Animate, and Illustrator for iPad. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourag…CISA.GOV
14 JanMicrosoft Releases January 2025 Security UpdatesMicrosoft released security updates to address vulnerabilities in multiple Microsoft products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply …CISA.GOV
14 JanCISA Releases the JCDC AI Cybersecurity Collaboration Playbook and Fact SheetToday, CISA released the JCDC AI Cybersecurity Collaboration Playbook and Fact Sheet to foster operational collaboration among government, industry, and international partners and strengthen artificial intelligence (AI) cybersecurity. The playbook provides voluntary informat…CISA.GOV
14 JanFortinet Releases Security Updates for Multiple ProductsFortinet released security updates to address vulnerabilities in multiple Fortinet products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessar…CISA.GOV
14 JanCyberheistNews Vol 15 #02 [HEADS UP] Credential Phishing Increased by 703% in H2 2024KNOWBE4.COM
14 JanHackers are exploiting a new Fortinet firewall bug to breach company networksSecurity researchers say "tens" of Fortinet devices have been compromised so far as part of the weeks-long hacking campaign. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
14 JanHow Barcelona became an unlikely hub for spyware startupsBarcelona's mix of affordable cost of living and quality of life has helped create a vibrant startup community — and become a hotbed for the creation of surveillance technologies. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
14 JanBusKill (Dead Man Switch) Warrant Canary for 2025 H1submitted by buskill to cybersecurity -1 points | 0 comments https://buskill.in/canary-009/ This post contains a canary message that’s cryptographically signed by the official BusKill PGP release key The BusKill project just published their Warrant Canary #009 For more informatio…INFOSEC.PUB
📢 SECURITY ADVISORIES 1[−]
🔥 INCIDENT REPORTING 4[−]
14 JanThe First Password on the InternetIt was created in 1973 by Peter Kirstein: So from the beginning I put password protection on my gateway. This had been done in such a way that even if UK users telephoned directly into the communications computer provided by Darpa in UCL, they would require a password. In fact th…SCHNEIER.COM
14 JanDOJ confirms FBI operation that mass-deleted Chinese malware from thousands of US computersThe FBI says it was authorized to mass-remove “PlugX” malware from more than 4,000 compromised machines in the United States © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
14 JanUK plans to ban public sector organizations from paying ransomware hackersThe Home Office has proposed a 'targeted ban' on ransom payments following a wave a cyberattacks targeting the UK © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
14 JanInvestigating A Web Shell Intrusion With Trend Micro™ Managed XDRThis blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data.TRENDMICRO.COM
🕵️ THREAT INTELLIGENCE 4[−]
14 JanUpcoming Speaking EngagementsThis is a current list of where and when I am scheduled to speak: I’m speaking on “AI: Trust & Power” at Capricon 45 in Chicago, Illinois, USA, at 11:30 AM on February 7, 2025. I’m also signing books there on Saturday, February 8, starting at 1:45 PM. I’m speaking at Boskone …SCHNEIER.COM
14 JanRussian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE MalwareRussia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin's efforts to gather economic and political intelligence in Central Asia. The campaign has been assessed to be the work of an intrusion set dubbed UA…THEHACKERNEWS.COM
14 JanNorth Korea stole over $659M in crypto heists during 2024, deployed fake job seekersA joint international statement provides the first official confirmation that North Korea was behind the $235M hack of WazirX, India's largest cryptocurrency exchange. © 2024 TechCrunch. All rights reserved. For personal use only.TECHCRUNCH.COM
14 JanWhy do software vendors have such deep access into customer systems?To the naked eye, organizations are independent entities trying to make their individual mark on the world. But that was never the reality. Companies rely on other businesses to stay up and running. A grocery store needs its food suppliers; a tech company relies on the business m…SECURITYINTELLIGENCE.COM
🌐 CYBER THREAT LANDSCAPE 1[−]
14 JanIllicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto TransactionsThe Telegram-based online marketplace known as HuiOne Guarantee and its vendors have cumulatively received at least $24 billion in cryptocurrency, dwarfing the now-defunct Hydra to become the largest online illicit marketplace to have ever operated. The figures, released by block…THEHACKERNEWS.COM
🎙️ PODCASTS 1[−]
14 JanThe AI Fix #33: AI’s deliberate deceptions, and Elon’s “unhinged” modeIn episode 33 of The AI Fix, our hosts watch a robot fall over, ChatGPT demonstrates that it can't draw a watch face but it can fire a gun, a man without a traffic cone gets trapped in his Waymo taxi, Graham discovers what social robots are, and both hosts watch horrified as some…GRAHAMCLULEY.COM
📡 INFOSEC NEWS 2[−]
14 JanPasswords 101: don’t enter your passwords just anywhere they’re asked for | Kaspersky official blogLearn how to distinguish a fraudulent site from a real one.KASPERSKY.COM
14 JanProtecting children online: Where Florida’s new law falls shortSome of the state’s new child safety law can be easily circumvented. Should it have gone further?WELIVESECURITY.COM