Tag: informationsecurity

Week 23 – Critical flaw in Roundcube
10/06/2025

Week 23 – Critical flaw in Roundcube

02 – 08 June 2025 Open-source enthusiast sysadmins might be familiar with Roundcube, one of the most popular webmail clients deployed, to be exact, Shodan currently lists over 160,000 publicly available instances. Unfortunately, it has now become the subject of our regular CVE of the 

CVE of the Week
-
by White Hat IT Security
30/05/2025

Week 22 – High severity vulnerability affects Versa Concerto

26 May – 01 June 2025 Our new CVE of the Week is high severity vulnerability, CVE-2025-34027, has been identified and is making waves across the cybersecurity landscape. It affects Versa Concerto, an orchestrator and interface to configure and monitor Versa OS devices in Secure 

CVE of the Week
-
by White Hat IT Security
23/05/2025

Week 21 – Multiple high-severity vulnerabilities in VMware Cloud Foundation

19 – 15 May 2025 Multiple high-severity vulnerabilities were responsibly disclosed in VCF by Gustavo Bonito of the NATO Cyber Security Centre. From among these, our #CVEOfTheWeek is CVE-2025-41229. This is a Directory Traversal vulnerability, which might allow a malicious actor with network access to 

CVE of the Week
-
by White Hat IT Security
16/05/2025

Week 20 – Critical elevation of privilege vulnerability in Azure DevOps

12 – 18 May 2025 A critical elevation of privilege vulnerability has been found in Azure DevOps, published on May 8, 2025, and updated with more details 2 days later on May 10, 2025. It has a CVSS score of 10.0! It’s not often that 

CVE of the Week
-
by White Hat IT Security
09/05/2025

Week-19 – A critical security vulnerability in the OpenCTI Platform

05 – 11 May 2025 A critical security vulnerability has been identified in the OpenCTI Platform which is designed to structure, store, organize and visualize technical and non-technical information about cyber threats. This vulnerability, tracked as CVE-2025-24977 is our new CVEofTheWeek with an assigned CVSS 

CVE of the Week
-
by White Hat IT Security
Week 18 – SAP NetWeaver’s Visual Composer component
02/05/2025

Week 18 – SAP NetWeaver’s Visual Composer component

White Hat IT Security’s CVE Of The Week, CVE-2025-31324, is a critical zero-day vulnerability affecting SAP NetWeaver’s Visual Composer component

CVE of the Week
-
by test user
Cyber (In)Securities – Issue 128
28/02/2025

Cyber (In)Securities – Issue 128

Information Security News 89% of Enterprise GenAI Usage Is Invisible to Organizations, Exposing Critical Security Risks The Hacker NewsA new report reveals that a staggering 89% of generative AI usage within enterprises remains undetected, exposing organisations to severe security risks. This covert AI activity can 

Recent Digests
-
by Cyan Staff
Week 9 – Palo Alto PAN-OS Authentication Bypass
24/02/2025

Week 9 – Palo Alto PAN-OS Authentication Bypass

03-10 March 2025 Palo Alto PAN-OS authentication bypass exploited in the wild: CVE-2025-0108 This week’s #CVEofTheWeek is about an actively exploited critical Authentication Bypass vulnerability in Palo Alto PAN-OS. PAN-OS is the software that runs all Palo Alto Networks Next-Generation Firewalls (NGFW). The high-level properties 

CVE of the Week
-
by test user
State of (Cyber)War Ep. 8.2 – Military Cryptology, Part II
20/01/2025

State of (Cyber)War Ep. 8.2 – Military Cryptology, Part II

Hugo Tarrida and John Salomon talk about the history of military encryption, from the Cold War until today, part of CyAN’s State of (Cyber)War podcast series.

The CyAN Blog
-
by Cyan Staff
New Podcast: Military Cryptology, Part I
16/01/2025

New Podcast: Military Cryptology, Part I

Cryptography and Cryptanalysis – Military Applications From Antiquity to the End of World War II Join our motivated more-or-less informed amateurs Hugo Tarrida and John Salomon for the latest in our State of (Cyber)War series, part of CyAN’s Secure in Mind video and podcast network. 

The CyAN Blog
-
by Cyan Staff