Common Vulnerabilities and Exposures (CVE) stories - Page 2

Australia has climbed to fourth place globally for cyberattacks on critical infrastructure, as a report reveals a surge in diverse threats targeting various sectors.

The Forum of Incident Response and Security Teams predicts a staggering 45,505 reported vulnerabilities for 2025, marking an 11% rise from 2024.

The FBI and CISA have alerted organisations to increased cyber threats from China's Ghost ransomware group, affecting over 70 countries through outdated software.

Microsoft has patched 56 vulnerabilities in its February 2025 update, including two now exploited, marking a fifth month of no critical zero-days released.

In a significant shift, 90% of Australian firms are eyeing alternatives to Oracle Java, citing concerns over its pricing and cloud inefficiencies, according to a new survey.

Rapid7 has revealed a critical SQL injection vulnerability in PostgreSQL's psql tool, potentially exposing users to severe security risks.

GitHub has partnered with Endor Labs, integrating advanced security software to help developers swiftly identify and manage critical vulnerabilities within the platform.

Akamai's security team has revealed a serious flaw in Kubernetes, allowing remote code execution on Windows endpoints, posing significant risks to clusters.

Zyxel Networks has won the 2024 Cyber Security Award for Innovation for its USG FLEX 200HP Security Firewall, enhancing global digital resilience.

A major data leak impacting Fortinet firewalls has revealed sensitive information from 15,000 devices following a critical vulnerability, prompting urgent cybersecurity measures.

As experts forecast 2025's cybersecurity trends, organisations are urged to enhance their defences against evolving AI-driven threats and embrace unified security solutions.

On January's Patch Tuesday, Microsoft revealed 161 vulnerabilities, including eight under active exploitation, with no browser flaws noted this month.

Microsoft has unveiled its January 2025 Patch Tuesday update, tackling a record 157 vulnerabilities, including eight critical zero-day flaws.

In 2025, organisations must navigate the complexities of AI integration in software development, balancing innovation with security and skilled developer support.

Mandiant unveils a critical zero-day vulnerability in Ivanti Connect Secure VPN appliances, exploited since December 2024 by a suspected China-linked group.

Ivanti has alerted users that the CVE-2025-0282 zero-day vulnerability in Connect Secure is being actively exploited, with patches now available.

Ivanti has announced critical patches for two vulnerabilities in its Connect Secure and Policy Secure products, one of which is already under active exploitation.

Chris Hughes predicts that open source software adoption will grow in 2025, alongside sophisticated attacks and challenges in governance and security.

CloudSEK's 2024 Threat Landscape Report reveals a staggering 994TB of data exfiltrated, with ransomware demands averaging over USD $2 million.

Rapid7's analysis of the 2024 cyber threat landscape reveals alarming trends in ransomware and vulnerability exploits impacting organisations worldwide.