patch

Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes

Apr 10, 2025 by iHash Leave a Comment

Apr 10, 2025Ravie LakshmananContainer Security / Vulnerability Cybersecurity researchers have detailed a case of an incomplete patch for a previously addressed security flaw impacting the NVIDIA Container Toolkit that, if successfully exploited, could put sensitive data at risk. The original vulnerability CVE-2024-0132 (CVSS score: 9.0) is a Time-of-Check Time-of-Use (TOCTOU) … [Read more...] about Incomplete Patch in NVIDIA Toolkit Leaves CVE-2024-0132 Open to Container Escapes

April 2025 Patch Tuesday: Updates and Analysis

Apr 9, 2025 by iHash Leave a Comment

Actively Exploited Zero-Day Vulnerability in Windows Common Log File System CVE-2025-29824 is an Important elevation of privilege vulnerability affecting Windows Common Log File System and has a CVSS score of 7.8. This could allow a remote attacker to run arbitrary code on a victim machine after tricking a victim into either opening a malicious file from an email or … [Read more...] about April 2025 Patch Tuesday: Updates and Analysis

Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw

Apr 8, 2025 by iHash Leave a Comment

Apr 08, 2025Ravie LakshmananNetwork Security / Vulnerability Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes. The vulnerability, tracked as CVE-2024-48887, carries a CVSS score of 9.3 out of a maximum of 10.0. "An unverified password change vulnerability … [Read more...] about Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw

March 2025 Patch Tuesday: Updates and Analysis

Mar 12, 2025 by iHash Leave a Comment

Actively Exploited Zero-Day Vulnerability in Microsoft Management Console Microsoft Management Console received a patch for CVE-2025-26633, which has a severity of Important and a CVSS score of 7.0. This RCE vulnerability could allow a remote attacker to run arbitrary code on a victim machine after tricking a victim into either opening a malicious file from an email or … [Read more...] about March 2025 Patch Tuesday: Updates and Analysis

New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now

Feb 18, 2025 by iHash Leave a Comment

Feb 18, 2025Ravie LakshmananVulnerability / Network Security Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions. The vulnerabilities, detailed by the Qualys Threat … [Read more...] about New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now

February 2025 Patch Tuesday: Updates and Analysis

Feb 12, 2025 by iHash Leave a Comment

Actively Exploited Zero-Day Vulnerability in Windows Ancillary Function Driver for WinSock Windows Ancillary Function Driver for WinSock received a patch for CVE-2025-21418, which has a severity of Important and a CVSS score of 7.8. Windows Ancillary Function Driver for WinSock is primarily responsible for handling network-related functions. This elevation of … [Read more...] about February 2025 Patch Tuesday: Updates and Analysis

January 2025 Patch Tuesday: Updates and Analysis

Jan 15, 2025 by iHash Leave a Comment

Actively Exploited Zero-Day Vulnerabilities in Windows Hyper-V NT Kernel Integration VSP Windows Hyper-V NT Kernel Integration VSP received patches for CVE-2025-21333, CVE-2025-21334 and CVE-2025-21335, which all have a severity of Important and a CVSS score of 7.8. These elevation of privilege (EoP) vulnerabilities allow an attacker who successfully exploits them to gain … [Read more...] about January 2025 Patch Tuesday: Updates and Analysis

December 2024 Patch Tuesday: Updates and Analysis

Dec 11, 2024 by iHash Leave a Comment

Zero-Day Vulnerability (CVE-2024-49138) Exploit Observed in the Wild CVE-2024-49138 is a privilege escalation vulnerability within the Microsoft Windows Common Log File System (CLFS) driver, categorized as Important in severity. CrowdStrike Counter Adversary Operations discovered and privately reported this vulnerability to Microsoft, which subsequently acknowledged, … [Read more...] about December 2024 Patch Tuesday: Updates and Analysis

Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged

Dec 10, 2024 by iHash Leave a Comment

Dec 10, 2024Ravie LakshmananVulnerability / Threat Analysis Users of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems. Cybersecurity company Huntress said it discovered evidence of threat actors exploiting the issue en … [Read more...] about Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged

Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP

Nov 28, 2024 by iHash Leave a Comment

Nov 28, 2024Ravie LakshmananIoT Security / Vulnerability Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges. "These vulnerabilities pose significant risks, allowing unauthenticated remote code … [Read more...] about Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP

iProVPN: 3-Year Subscription for $29

Apple AirPods Pro 2 with MagSafe USB-C Charging Case (Refurbished) for $159

Apple Mac mini M2 (Early 2023) 8GB RAM 256GB SSD (Refurbished) for $359

JBL Flip 6 Portable Bluetooth Speaker (Open Box) for $74

Navee V25 300W Foldable e-Scooter for $299