Known Exploited Vulnerabilities and counting....
A known exploited vulnerability (KEV) refers to a software vulnerability that is being actively exploited by cybercriminals or threat actors. When a vulnerability becomes known to be exploited in the wild, it signals that the vulnerability poses a significant and imminent risk to organizations.
Common Vulnerability and Exposure
CVEs form a database of known security vulnerabilities that are actively tracked and managed by a group of organizations, such as the U.S. National Cyber Security Alliance. CVEs are an important tool for network security management because they not only provide an inventory of existing vulnerabilities, but also provide information about how the vulnerability can be exploited and instructions on how to protect against it.
Search Known Exploits
Search for CVEs by vendor to identify known exploited vulnerabilities in your environment
CVE = Common Vulnerability and Exposure
CVE OF THE WEEK:
Palo Alto Networks
PAN-OS
Patch deadline: a year ago on 01/20/2025
CVE-2024-3393
Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malformed DNS packets in the DNS Security feature that, when exploited, allows an unauthenticated attacker to remotely reboot the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
Palo Alto Networks PAN-OS Malformed DNS Packet Vulnerability
Learn more about this CVE: paloaltonetworks.com
Cyber Security News
You may have missed...
*
Inside a cyberattack: How hackers steal data
The truth about cybersecurity is that it's almost impossible to keep hackers outside of an organization, particularly as the cybercrime industry ...
Security Vulnerability Discovered in Anthropic's Claude Code - Binance
23pds noted that phishing hackers have already exploited this vulnerability to target cryptocurrency users. Disclaimer: Includes third-party opinions.
Why Cambodia Handed Over a Man Accused of Stealing Billions in Crypto Scam
In a statement, China's Ministry of Public Security called the arrest “another great achievement under China-Cambodia law enforcement cooperation.”.
CISA Retires Ten Emergency Directives, Marking an Era in Federal Cybersecurity
WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced the successful retirement of ten Emergency Directives issued...
The U.K.'s Plan for Electronic Eavesdropping Poses Cybersecurity Risks | Lawfare
The U.K. government's latest attempt to access encrypted cloud backups could allow adversarial actors to gain access to sensitive data.
The 2 faces of AI: How emerging models empower and endanger cybersecurity
AI helps security teams move faster — but it's also helping attackers do the same, turning cybersecurity into a race of machines versus machines.
ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft ...
This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency's Emergency Directive 24-02: Mitigating the ...
Hackers abuse Google Cloud to send trusted phishing emails - Fox News
Cybercriminals exploited Google Cloud Application Integration to send over 9000 phishing emails to 3200 organizations across multiple continents.
Russia frees French researcher in prisoner swap for alleged ransomware hacker
Laurent Vinatier, a French researcher serving a three-year prison sentence in Russia for violating Moscow's foreign agent laws, has been freed as ...
Updated daily