At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of…
Security
WhatsApp has introduced an extra layer of privacy called Advanced Chat Privacy that allows users to block participants from sharing…
Global payment platform Adyen has confirmed it was the target of a Distributed-Denial-of-Service (DDoS) attack on April 21, 2025, which…
The Federal Bureau of Investigation (FBI) has released its latest Internet Crime Report for 2024, revealing a steep rise in…
The United Kingdom communications regulator Ofcom has finalized a comprehensive set of child safety rules under the Online Safety Act,…
The Baltimore City Public Schools system has confirmed a cybersecurity incident that compromised the personal information of certain individuals associated…
The Evolving Healthcare Cybersecurity Landscape Healthcare organizations face unprecedented cybersecurity challenges in 2025. With operational technology (OT) environments increasingly targeted…
The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial…
Chinese artificial intelligence startup DeepSeek has come under intense scrutiny from South Korean authorities for allegedly transferring user data and…
As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025,…
Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to…
1000+ Unique IPs Attacking Ivanti Connect Secure Systems to Exploit Vulnerabilities
A significant increase in suspicious scanning activity targeting Ivanti Connect Secure (ICS) and Ivanti Pulse Secure (IPS) VPN systems, signaling a potential coordinated reconnaissance effort by threa …
Read more
Published Date:
Apr 24, 2025 (5 hours, 24 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-22457
SonicWall SSLVPN Vulnerability Let Remote Attackers Crash Firewall Appliances
SonicWall has disclosed a critical security vulnerability in its SSLVPN service that allows unauthenticated remote attackers to crash affected firewall appliances, potentially causing significant disr …
Read more
Published Date:
Apr 24, 2025 (2 hours, 53 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-32818
Understanding 2024 cyber attack trends
Mandiant has released the M-Trends 2025 report, which outlines global cyber attack trends based on their own incident response engagements from 2024.
Key trends and insights
In 2024, Mandiant handled …
Read more
Published Date:
Apr 24, 2025 (1 hour, 51 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2024-3400
CVE-2023-48788
CVE-2024-21887
CVE-2023-46805
CVE ID : CVE-2025-0639
Published : April 24, 2025, 8:15 a.m. | 2 hours, 28 minutes ago
Description : An issue has been discovered affecting service availability via issue preview in GitLab CE/EE affecting all versions from 16.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-1908
Published : April 24, 2025, 8:15 a.m. | 2 hours, 28 minutes ago
Description : An issue has been discovered in GitLab EE/CE that could allow an attacker to track users’ browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-12244
Published : April 24, 2025, 8:15 a.m. | 2 hours, 28 minutes ago
Description : An issue has been discovered in access controls could allow users to view certain restricted project information even when related features are disabled in GitLab EE, affecting all versions from 17.7 prior to 17.9.7, 17.10 prior to 17.10.5, and 17.11 prior to 17.11.1.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-1284
Published : April 24, 2025, 9:15 a.m. | 1 hour, 28 minutes ago
Description : The Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1 via the xc_woo_printer_preview AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other user’s invoices and orders which can contain sensitive information.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2024-13307
Published : April 24, 2025, 9:15 a.m. | 1 hour, 28 minutes ago
Description : The Reales WP – Real Estate WordPress Theme theme for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the ‘reales_delete_file’, ‘reales_delete_file_plans’, ‘reales_add_to_favourites’, and ‘reales_remove_from_favourites’ functions in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to delete arbitrary attachments, and add or remove favorite property listings for any user.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-2579
Published : April 24, 2025, 9:15 a.m. | 1 hour, 28 minutes ago
Description : The Lottie Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via File uploads in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the uploaded file.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more…