A critical vulnerability in Microsoft Entra could have let hackers access any user account. The flaw affected key authentication processes, allowing normal security checks to be bypassed. Microsoft released a patch quickly, but accounts that are not updated remain exposed. Experts urge immediate action to protect sensitive information. Applying the latest updates promptly ensures personal…
CISA warned on Wednesday that attackers are actively exploiting two security vulnerabilities in N‑able’s N-central remote monitoring and management (RMM) platform. N-central is commonly used by managed services providers (MSPs) and IT departments to monitor, manage, and maintain client networks and devices from a centralized web-based console. According to CISA, the two flaws can allow…
The five critical vulnerabilities were named “ReVault” by Talos, and are found in Broadcom’s ControlVault3 firmware, as well as associated Windows application programming interfaces (APIs) on a range of Dell business laptops. On June 13, Dell disclosed these vulnerabilities impacting Dell Pro, Latitude, and Precision laptop models. ControlVault3 is a hardware-based security module found in…
The vulnerability in question is tracked as CVE-2025-29824 and it was patched by Microsoft with its April 2025 Patch Tuesday updates. The flaw impacts the Windows Common Log File System (CLFS) and it can be exploited by an attacker to escalate privileges. On the day it released the patches, Microsoft revealed that CVE-2025-29824 had been exploited by…
The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020. Guan Tianfeng (aka gbigmao and gxiaomao), who is said to have worked at Sichuan Silence Information Technology Company, Limited, has been charged with conspiracy to commit computer fraud and conspiracy to commit…
Cisco has issued a security advisory regarding a critical remote code execution (RCE) vulnerability, dubbed “regreSSHion,” that affects multiple products. The vulnerability tracked as CVE-2024-6387, was disclosed by the Qualys Threat Research Unit on July 1, 2024. It impacts the OpenSSH server (sshd) in glibc-based Linux systems and has the potential to allow unauthenticated attackers…
Security alert, was issued for Samsung users on December 13, stating concern as high-risk and emphasised the urgency of updating the operating system or firmware in the existing Samsung mobile phones. Samsung Electronics has been notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual form the…
