SAP released a patch for a critical 10.0 vulnerability in its NetWeaver Visual Composer product that it observed attackers exploiting, uploading malicious webshells.Security experts expressed concern because many Fortune 500 companies and large government agencies use SAP.In a blog post that originally ran April 22 and was updated April 25, ReliaQuest researchers said the bug … Read more
Mozilla patched a Firefox browser vulnerability that was discovered after a similar Google Chrome flaw was found to be actively exploited in potential espionage campaigns.The critical flaw, tracked as CVE-2025-2857, could enable an attacker to escape the Firefox browser’s sandbox protection on Windows machines due to an error in the browser’s inter-process communication (IPC) code, … Read more
Feb 12, 2025Ravie LakshmananNetwork Security / Vulnerability Ivanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution. The list of vulnerabilities is below – CVE-2024-38657 (CVSS score: 9.1) – External control of a file … Read more
QNAP on Jan. 23 issued patches for six bugs in the open-source Rsync software that helps manage its popular network-attached storage (NAS) devices that are primarily used for backup and disaster recovery. In its advisory, QNAP said the bugs affect HBS 3 Hybrid Backup Sync 25.1.x NAS devices, and recommended that customers update those systems … Read more
Industrial networking device maker Moxa on Jan. 3 released patches for two bugs in its cellular routers, secure routers, and network security appliances, many of which operate in the critical infrastructure sector. One of the bugs — CVE-2024-9140 — was a critical 9.3 flaw that could potentially allow a remote code execution (RCE), posing significant risk … Read more