Tag: informationsecurity

30/06/2025

Week 26 – What if the zero-trust provider can’t be trusted?

23 – 29 June 2025 The blast radius of a compromised security solution is always massive — just like the Cisco ISE API vulnerabilities featured in this post from our CVE of the Week series. Cisco’s ISE (Identity Services Engine) is the Network Access Control 

CVE of the Week
-
by White Hat IT Security
Week 25 – Two severe vulnerabilities in SUSE Linux system
20/06/2025

Week 25 – Two severe vulnerabilities in SUSE Linux system

16 – 22 June 2025 It’s Friday again, which for some people means throwing a party to let the stress out after a long week at work. Not for engineers responsible for securing SUSE Linux systems, though. SUSE is a distribution loved by many desktop 

CVE of the Week
-
by White Hat IT Security
Week 24 – Critical vulnerability in Windows is fixed on Patch Tuesday
13/06/2025

Week 24 – Critical vulnerability in Windows is fixed on Patch Tuesday

09 – 15 June 2025 After our last CVE of the Week post exploring a critical vulnerability in the open source landscape, we are back again in the Microsoft ecosystem, as it’s just past Patch Tuesday, which keeps on giving (and more importantly, fixing) weaknesses 

CVE of the Week
-
by White Hat IT Security
Week 23 – Critical flaw in Roundcube
10/06/2025

Week 23 – Critical flaw in Roundcube

02 – 08 June 2025 Open-source enthusiast sysadmins might be familiar with Roundcube, one of the most popular webmail clients deployed, to be exact, Shodan currently lists over 160,000 publicly available instances. Unfortunately, it has now become the subject of our regular CVE of the 

CVE of the Week
-
by White Hat IT Security
30/05/2025

Week 22 – High severity vulnerability affects Versa Concerto

26 May – 01 June 2025 Our new CVE of the Week is high severity vulnerability, CVE-2025-34027, has been identified and is making waves across the cybersecurity landscape. It affects Versa Concerto, an orchestrator and interface to configure and monitor Versa OS devices in Secure 

CVE of the Week
-
by White Hat IT Security
23/05/2025

Week 21 – Multiple high-severity vulnerabilities in VMware Cloud Foundation

19 – 15 May 2025 Multiple high-severity vulnerabilities were responsibly disclosed in VCF by Gustavo Bonito of the NATO Cyber Security Centre. From among these, our #CVEOfTheWeek is CVE-2025-41229. This is a Directory Traversal vulnerability, which might allow a malicious actor with network access to 

CVE of the Week
-
by White Hat IT Security
16/05/2025

Week 20 – Critical elevation of privilege vulnerability in Azure DevOps

12 – 18 May 2025 A critical elevation of privilege vulnerability has been found in Azure DevOps, published on May 8, 2025, and updated with more details 2 days later on May 10, 2025. It has a CVSS score of 10.0! It’s not often that 

CVE of the Week
-
by White Hat IT Security
09/05/2025

Week-19 – A critical security vulnerability in the OpenCTI Platform

05 – 11 May 2025 A critical security vulnerability has been identified in the OpenCTI Platform which is designed to structure, store, organize and visualize technical and non-technical information about cyber threats. This vulnerability, tracked as CVE-2025-24977 is our new CVEofTheWeek with an assigned CVSS 

CVE of the Week
-
by White Hat IT Security
Week 18 – SAP NetWeaver’s Visual Composer component
02/05/2025

Week 18 – SAP NetWeaver’s Visual Composer component

White Hat IT Security’s CVE Of The Week, CVE-2025-31324, is a critical zero-day vulnerability affecting SAP NetWeaver’s Visual Composer component

CVE of the Week
-
by test user
Cyber (In)Securities – Issue 128
28/02/2025

Cyber (In)Securities – Issue 128

Information Security News 89% of Enterprise GenAI Usage Is Invisible to Organizations, Exposing Critical Security Risks The Hacker NewsA new report reveals that a staggering 89% of generative AI usage within enterprises remains undetected, exposing organisations to severe security risks. This covert AI activity can 

Recent Digests
-
by Cyan Staff