China-aligned PlushDaemon APT compromises supply chain of Korean VPN
ESET researchers have uncovered a supply chain attack targeting a South Korean VPN provider, carried out by PlushDaemon, a newly identified China-aligned APT group. In this …
Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282)
The zero-day attacks leveraging the Ivanti Connect Secure (ICS) vulnerability (CVE-2025-0282) made public on Wednesday were first spotted in mid-December 2024, Mandiant …
Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282)
NEW STORY: Thursday, January 9, 07:30 ET Ivanti Connect Secure zero-day exploited since mid-December (CVE-2025-0282) Ivanti has fixed two vulnerabilities affecting Ivanti …
Researchers reveal exploitable flaws in corporate VPN clients
Researchers have discovered vulnerabilities in the update process of Palo Alto Networks (CVE-2024-5921) and SonicWall (CVE-2024-29014) corporate VPN clients that could be …
Attackers are probing Check Point Remote Access VPN devices
Attackers are trying to gain access to Check Point VPN devices via local accounts protected only by passwords, the company has warned on Monday. Their ultimate goal is to use …
Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)
Researchers have brought to light a new attack method – dubbed TunnelVision and uniquely identified as CVE-2024-3661 – that can be used to intercept and snoop on …
56% of cyber insurance claims originate in the email inbox
56% of all 2023 claims were a result of funds transfer fraud (FTF) or business email compromise (BEC), highlighting the importance of email security as a critical aspect of …
Ivanti vows to transform its security operating model, reveals new vulnerabilities
Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure (SSL VPN solution) and Ivanti Policy Secure (NAC solution), some of which could also …
Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)
Cisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which (CVE-2024-20337) could be …
1,700 Ivanti VPN devices compromised. Are yours among them?
Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional …
Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887)
Two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers …
Google Play will mark independently validated VPN apps
Android VPN apps that have gone through an independent security validation will now be able to claim that distinction on Google Play with a prominent badge in their Data …
Featured news
Resources
Don't miss
- Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)
- Casio UK site compromised, equipped with web skimmer
- Man charged with stealing $65 million by exploting DeFI protocols vulnerabilities
- Why logs aren’t enough: Enhancing SIEM with AI-driven NDR
- Aim for crypto-agility, prepare for the long haul