Known Exploited Vulnerabilities and counting....
A known exploited vulnerability (KEV) refers to a software vulnerability that is being actively exploited by cybercriminals or threat actors. When a vulnerability becomes known to be exploited in the wild, it signals that the vulnerability poses a significant and imminent risk to organizations.
Common Vulnerability and Exposure
CVEs form a database of known security vulnerabilities that are actively tracked and managed by a group of organizations, such as the U.S. National Cyber Security Alliance. CVEs are an important tool for network security management because they not only provide an inventory of existing vulnerabilities, but also provide information about how the vulnerability can be exploited and instructions on how to protect against it.
Search Known Exploits
Search for CVEs by vendor to identify known exploited vulnerabilities in your environment
CVE = Common Vulnerability and Exposure
CVE OF THE WEEK:
Palo Alto Networks
PAN-OS
Patch deadline: a year ago on 01/20/2025
CVE-2024-3393
Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malformed DNS packets in the DNS Security feature that, when exploited, allows an unauthenticated attacker to remotely reboot the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
Palo Alto Networks PAN-OS Malformed DNS Packet Vulnerability
Learn more about this CVE: paloaltonetworks.com
Cyber Security News
You may have missed...
*
Inside a cyberattack: How hackers steal data
The truth about cybersecurity is that it's almost impossible to keep hackers outside of an organization, particularly as the cybercrime industry ...
Federal agencies abruptly pull out of RSAC after organizer hires Easterly
The decision fits a pattern of government withdrawal from the cybersecurity community under the Trump administration.
Cybercrime group claims credit for voice phishing attacks - Cybersecurity Dive
Researchers from Sophos told Cybersecurity Dive they are tracking a cluster of about 150 domains created in December and used in voice phishing ...
Russian state hackers likely behind wiper malware attack on Poland's power grid
A major cyberattack that nearly cut electricity to half-a-million people in Poland last year was reportedly carried out by the Russia-linked hacking
Savannah Best Buy employee says 'hacker group' forced him into theft ring scheme - WJCL
Allen told police he was being blackmailed by a “hacker group” and claimed he received emails directing him to let specific people leave with ...
Saudi dissident awarded $4.1 million by UK court for hacking, assault 'by Saudi Arabia'
The 45-year-old satirist, who has lived in Britain since ‍2003 and been granted asylum, said discovering he had been hacked caused severe depression ....
Sadie Frost says Mail put 'price on my head' for stories - BBC
The actress said she had been 'violated' by journalists allegedly hacking her phone, in her case against the paper's publisher.
Quantum Computing's Impact on Cryptocurrency Overstated, Says a16z - Binance
It also notes that in the foreseeable future, traditional security issues such as code defects, side-channel attacks, and fault injections should take...
GameStop 'likely to sell' Bitcoin holdings, Ethereum prepares for quantum: Hodler's Digest, Jan. 18
The Ethereum Foundation has made post-quantum security a central focus of the networks long-term roadmap, announcing the formation of a dedicated Post...
Updated daily