Ivanti publicly disclosed two critical vulnerabilities CVE-2025-0282 and CVE-2025-0283 affecting its Connect Secure (ICS) VPN appliances. The announcement comes amidst alarming reports of active zero-day exploitation of CVE-2025-0282, identified by cybersecurity firm Mandiant as having begun in mid-December 2024. The exploitation has raised concerns about potential network breaches and downstream compromises for affected organizations. CVE-2025-0282, The post Hackers Actively Exploited Ivanti VPN 0-Day Vulnerability (CVE-2025-0282): Technical Analysis appeared first on Cyber Security News.

Ivanti is warning that a critical security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways has come under active exploitation in the wild beginning mid-December 2024. The security vulnerability in question is CVE-2025-0282 (CVSS score: 9.0), a stack-based buffer overflow that affects Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2

The Wireshark Foundation has announced the release of Wireshark 4.4.3, the latest version of the world’s most popular network protocol analyzer. This update brings a host of bug fixes and protocol support improvements, enhancing the tool’s capabilities for network troubleshooting, analysis, development, and education. What is Wireshark? Wireshark is a powerful, open-source network analysis tool The post Wireshark 4.4.3 Released – What’s New! appeared first on Cyber Security News.

Ivanti has disclosed actively exploiting a critical zero-day vulnerability, CVE-2025-0282, in its Connect Secure VPN appliances. This vulnerability allows unauthenticated remote code execution and has already been exploited in a limited number of cases. A second vulnerability, CVE-2025-0283, which enables local privilege escalation, has also been identified but is not known to have been exploited. The post Ivanti VPN Zero-Day Vulnerability Actively Exploited in the Wild appeared first on Cyber Security News.

The country awaits implementation guidelines for a framework that gives Indians greater autonomy and security over their personal data — and recognizes a right to personal privacy.

The voluntary program is intended to boost consumer confidence in vulnerable IoT devices, but experts want to see vendors held to a higher standard.

Cyberattackers injected the NFL Wild Card team’s online Pro Shop with malicious code to steal credit-card data from 8,500 fans.

Cybersecurity researchers have found that bad actors are continuing to have success by spoofing sender email addresses as part of various malspam campaigns. Faking the sender address of an email is widely seen as an attempt to make the digital missive more legitimate and get past security mechanisms that could otherwise flag it as malicious. While there are safeguards such as DomainKeys

“Where Warlocks Stay Up Late” project speaks to hackers who have played pivotal roles in shaping the field of cybersecurity. The video interviews are complemented by an encyclopedia and an anthropological map.

Attackers are abusing a Microsoft 365 feature to send payment requests to users, tricking them into logging in to their accounts so attackers can seize control over them.

The CVE® Program has announced a significant expansion of its collaboration with Thales Group to strengthen the management and assignment of CVE Identifiers (CVE IDs) and the publication of CVE Records. As part of this development, Thales Group has been officially designated as a “Root” for products and technologies of its subsidiaries. Thales Group’s New The post CVE Partnership with Thales Group as a Designated Root for Vulnerability Management appeared first on Cyber Security News.

Low-code/no-code (LCNC) and robotic process automation (RPA) technologies allow companies to speed up development processes and reduce costs, but security is often overlooked. When this happens, the risks can outweigh the benefits.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding three critical vulnerabilities that are currently being exploited in the wild. These vulnerabilities affect Mitel MiCollab and Oracle WebLogic Server systems, posing significant risks to organizations and federal agencies. Mitel MiCollab Vulnerabilities Two of the vulnerabilities impact Mitel MiCollab, a widely used The post CISA Warns of Three Vulnerabilities Actively Exploited in Attacks appeared first on Cyber Security News.