Picus Security announces Exposure Validation capability & Exposure Score metric

Picus Security today announced Picus Exposure Validation, allowing security teams to verify the exploitability of vulnerabilities based on their unique environments. The new capability continuously tests security controls against real-world attack techniques, identifying which vulnerabilities are truly exploitable and which can safely be deprioritized. Picus also announced the Picus Exposure Score, an evidence-based, context-aware metric…

CISA Revamps How It Disseminates Security Advisories & Updates

The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday said it is officially changing the way it disseminates online security updates and guidance. CISA says the enhanced information dissemination system will from now on use social media and email only to distribute cybersecurity alerts and advisories, reserving its landing page for more critical warnings. Critical warnings are…

Nissan Leaf Hacked for Remote Spying, Physical Takeover; Vulnerabilities Found

Researchers have demonstrated that a series of vulnerabilities affecting the Nissan Leaf electric vehicle can be exploited to remotely hack the car, including for spying and the physical takeover of various functions. The research was conducted by PCAutomotive, a company that offers penetration testing and threat intelligence services…

Palo Alto Networks Expedition Tool Vulnerability Exposes Cleartext Firewall Passwords

Palo Alto Networks has disclosed multiple critical security vulnerabilities in its Expedition migration tool, including a concerning OS command injection flaw that enables attackers to execute arbitrary commands and access sensitive firewall credentials. The command injection vulnerability (CVE-2025-0107) allows authenticated attackers to run arbitrary OS commands as the www-data user, potentially exposing usernames, cleartext passwords, device…

Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client

Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session as a targeted user. Cisco described the vulnerability, tracked as CVE-2024-20337 (CVSS score: 8.2), as allowing an unauthenticated, remote attacker to conduct a carriage return…