Known Exploited Vulnerabilities and counting....
A known exploited vulnerability (KEV) refers to a software vulnerability that is being actively exploited by cybercriminals or threat actors. When a vulnerability becomes known to be exploited in the wild, it signals that the vulnerability poses a significant and imminent risk to organizations.
Begin by
Knowing
which assets are at risk.
Accurate
Inventory
is a fundamental security tool.
Inventory is an important aspect of cybersecurity because it helps organizations identify and manage their technology assets, which is crucial for securing their systems and data. Inventory helps with the identification of the devices, software, or configurations that can become a security risk. By maintaining a current inventory, organizations can quickly identify any unpatched devices or outdated software that requires updating or removal.
Common Vulnerability and Exposure
CVEs form a database of known security vulnerabilities that are actively tracked and managed by a group of organizations, such as the U.S. National Cyber Security Alliance. CVEs are an important tool for network security management because they not only provide an inventory of existing vulnerabilities, but also provide information about how the vulnerability can be exploited and instructions on how to protect against it.
Zombie CVE?
When an older computer on your network is missing a security patch...
Due to the urgent risks they represent, KEVs are prioritized by software vendors and security organizations for patches and remediation.
Slasher CVE?
A small group of CVEs can cause a lot of damage. See which vendors have been targets...
Search Known Exploits
Vampire CVEs?
KEVs allow attackers to compromise systems and networks to conduct malicious activities like stealing data, installing ransomware, or creating botnets.
CVE = Common Vulnerability and Exposure
CVE OF THE WEEK:
Palo Alto Networks
PAN-OS
Patch deadline: 5 months ago on 01/20/2025
CVE-2024-3393
Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malformed DNS packets in the DNS Security feature that, when exploited, allows an unauthenticated attacker to remotely reboot the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
Palo Alto Networks PAN-OS Malformed DNS Packet Vulnerability
Learn more about this CVE: paloaltonetworks.com
Cyber Security News
You may have missed...
*
Inside a cyberattack: How hackers steal data
The truth about cybersecurity is that it's almost impossible to keep hackers outside of an organization, particularly as the cybercrime industry ...
Hackers leak 86 million AT&T customer records with 44 million social security numbers, report says
Illuminated AT&T logo sign on dark storefront awning, San Francisco, California, May 13. Looks like hackers just leaked AT&T data. Credit: Photo by .....
Men from Venezuela accused of stealing from hacked ATMs in Missouri - KMOV
On Wednesday, Berny Alberson Meza-Rojas, 22, and Anthony Brijan Sorondo, 31, were each indicted on one count of conspiracy to commit bank larceny.
Woodworker rebuilds business after Facebook hack derails five-year journey - WFMY News 2
After a devastating Facebook hack, Nate Shockley is rebuilding his global wood and epoxy art business one post at a time.
Hackers take over Chicago woman's Facebook page, post item after item for sale
That was the reality Melissa Whiteman Kingsbury of Chicago. Kingsbury said she received more than 25 calls and 30 text messages in the first hour ...
Men told woman her PayPal account was hacked, needed $55K for 'secured account'
Two men were arrested after trying to swindle a Newnan woman out of thousands of dollars.
China accuses Taiwan of running five feeble APT gangs, with US help - The Register
The authors who claimed America hacked itself to discredit Beijing are back with another report. icon Simon Sharwood. Thu 5 Jun 2025 // 04:49 UTC.
Chinese hackers broke into US telecom earlier than previously known, Bloomberg reports
Corporate investigators found evidence that Chinese hackers broke into a U.S. telecommunications company in the summer of 2023, indicating the ...
Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code
Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a ...
Updated daily