On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of a critical security vulnerability affecting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog. This action was taken in light of evidence indicating ongoing exploitation of this flaw. Identified as CVE-2024-23113, this vulnerability has a CVSS…
Governance & Risk Management, Network Firewalls, Network Access Control, Security Operations Audit Challenges, Legacy Policies, and Limited Scope Disrupt Microsegmentation Adoption Suparna Goswami (gsuparna) • November 6, 2025 Despite its promise for architectural clarity, microsegmentation often introduces operational complexities and challenges related to policy management, audits, and mounting technical debt.…
Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Governance & Risk Management Unpatched Devices Since October 2023 Exhibit Vulnerabilities Prajeet Nair (@prajeetspeaks) • November 3, 2025 Image: Anucha Cheechang/Shutterstock The Australian Cyber Security Centre (ACSC) has issued a warning regarding ongoing attacks on unpatched Cisco IOS XE enterprise devices. Cybercriminals…
Uber Technologies Inc. has recently acknowledged a security breach affecting its internal computer systems, first reported late Thursday. The company stated that there is currently “no evidence” suggesting that sensitive user data, such as trip history, has been accessed during the incident. In a public statement, Uber clarified, “We have…
This week’s cybersecurity highlights draw attention to rising threats stemming from misconfigurations, software vulnerabilities, and sophisticated malware. The incidents outlined below require the immediate focus of IT teams and business executives. ISC has addressed CVE-2025-5470 in BIND 9, a denial-of-service vulnerability impacting versions 9.16.0 to 9.18.26. The vulnerability enables server…
Cisco Issues Critical Updates for Vulnerability in Adaptive Security Appliance Cisco Systems announced today that it has rolled out urgent security updates to address a significant vulnerability in its Adaptive Security Appliance (ASA) that has been actively exploited. This issue could result in a denial-of-service (DoS) condition, impacting the Remote…
Cisco has issued security updates to mitigate a critical vulnerability identified in its Ultra-Reliable Wireless Backhaul (URWB) Access Points. This flaw poses a risk that could allow unauthenticated, remote attackers to execute commands with elevated privileges on affected devices. Cataloged as CVE-2024-20418, with a maximum CVSS score of 10.0, the…
A recent report highlights the cyber espionage group APT41, tied to a series of malware campaigns that leverage COVID-themed phishing strategies to target individuals in India. This revelation comes from an analysis by the BlackBerry Research and Intelligence team, which has connected various aspects of the group’s operational infrastructure. According…
On November 12, 2024, Microsoft disclosed that two significant security vulnerabilities affecting Windows NT LAN Manager (NTLM) and Task Scheduler have been actively exploited in the wild. These vulnerabilities were part of the November Patch Tuesday update, which addressed a total of 90 security flaws across Microsoft products. Among the…
