Known Exploited Vulnerabilities and counting....
A known exploited vulnerability (KEV) refers to a software vulnerability that is being actively exploited by cybercriminals or threat actors. When a vulnerability becomes known to be exploited in the wild, it signals that the vulnerability poses a significant and imminent risk to organizations.
Common Vulnerability and Exposure
CVEs form a database of known security vulnerabilities that are actively tracked and managed by a group of organizations, such as the U.S. National Cyber Security Alliance. CVEs are an important tool for network security management because they not only provide an inventory of existing vulnerabilities, but also provide information about how the vulnerability can be exploited and instructions on how to protect against it.
Search Known Exploits
Search for CVEs by vendor to identify known exploited vulnerabilities in your environment
CVE = Common Vulnerability and Exposure
CVE OF THE WEEK:
Palo Alto Networks
PAN-OS
Patch deadline: a year ago on 01/20/2025
CVE-2024-3393
Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malformed DNS packets in the DNS Security feature that, when exploited, allows an unauthenticated attacker to remotely reboot the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
Palo Alto Networks PAN-OS Malformed DNS Packet Vulnerability
Learn more about this CVE: paloaltonetworks.com
Cyber Security News
You may have missed...
*
Inside a cyberattack: How hackers steal data
The truth about cybersecurity is that it's almost impossible to keep hackers outside of an organization, particularly as the cybercrime industry ...
What makes bitcoin different from traditional money? | The Jerusalem Post
Core: BTC, ETH. Satellites only after 6 months. Why guess when automation compounds discipline? Custody and security: Self-custody with Ledger or ...
Inside South Korea's crypto shock: Upbit announces 99% cold-storage security overhaul
This is one of the most aggressive crypto security moves ever. Source: Dunamu. The exchange currently keeps over 98% of funds offline, and now ...
57 health systems ask HHS to rescind cybersecurity rule - Becker's Hospital Review
In a letter to HHS Secretary Robert F. Kennedy Jr., the organizations said the cybersecurity proposal “would place substantial new financial burdens ....
Microsoft Issues Security Fixes for 56 Flaws, Including Active Exploit and Two Zero-Days
The exploitation of CVE-2025-62221 has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to the Known Exploited ...
React Server Components crisis escalates as security teams respond to compromises
The Cybersecurity and Infrastructure Security Agency updated an advisory linked to the vulnerability and asked security teams to check for signs of .....
Asahi's beer sales worsen in November as hack disruption lingers - The Japan Times
Asahi aims for its supply chain to be largely restored by February after the September ransomware attack shut down key internal systems.
US extradites Ukrainian accused of hacking for Russia - The Register
A Ukrainian woman accused of hacking US public drinking water systems and a meat processing facility on behalf of Kremlin-backed cyber groups was ...
2 Men Linked to China's Salt Typhoon Hacker Group Likely Trained in a Cisco 'Academy'
The names of two partial owners of firms linked to the Salt Typhoon hacker group also appeared in records for a Cisco training program—years ...
Updated daily