Paracel Cyber Alerts
Paracel Cyber Alerts
Medixant Releases Security Update for RadiAnt DICOM Viewer
Successful exploitation of CVE-2025-1001 could allow an attacker to perform a machine-in-the-middle attack (MITM)
Proof-of-Concept Exploits Released for RSync Vulnerabilities
Vulnerabilities in RSync could allow an attacker to execute arbitrary code or perform path traversal
Security updates released for PostgreSQL
Proof-of-concept exploit code released for SQL injection vulnerability CVE-2025-1094
Critical Zero-day Vulnerabilities in VMware ESXi, Workstation, and Fusion
Broadcom has addressed three exploited vulnerabilities that, when chained, can allow an attacker to access the hypervisor throu...
Cisco Releases Security Advisories for Cisco IOS XR Software
10 security advisories address multiple vulnerabilities, including seven high and three medium severity advisories
Proof-of-Concept Exploit Released for Vulnerability CVE-2024-49113 in Microsoft Windows LDAP
Security researchers have published a PoC for DoS vulnerability CVE-2024-49113 and additional information on their attempts to ...
Proof-of-Concept Exploit Released for CVE-2024-40725 in Apache HTTP Server
CVE-2024-40725 could lead to source code disclosure of local scripts running on the server
Multiple Vulnerabilities in Redis
Security updates fix two vulnerabilities that could lead to RCE and denial-of-service
Multiple Vulnerabilities in SonicOS
SonicWall releases security update to address four vulnerabilities in SonicOS
Active Exploitation of Zero-Day Vulnerability in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA Gateways
CVE-2025-0282 could allow an unauthenticated attacker to achieve RCE and is under active exploitation. Patches also fix CVE-202...
SAP Releases January 2025 Updates
Updates address two critical vulnerabilities which could lead to information disclosure or privilege escalation, and fourteen o...
Active Exploitation of Zero-Day Vulnerability CVE-2024-55591 in FortiOS and FortiProxy
CVE-2024-55591 could allow an unauthenticated remote attacker to gain super-admin privileges
Fortinet Releases Security Advisory for FortiSwitch
Exploitation of critical vulnerability CVE-2023-37936 could allow an unauthenticated attacker to perform RCE
Ivanti Releases January 2025 Updates for EPM
Updates address 4 critical and 12 high severity vulnerabilities
Microsoft Releases January 2025 Security Updates
Scheduled updates for Microsoft products, including security updates for 159 vulnerabilities, with three reported as actively e...
Proof-of-Concept Exploit Released for CVE-2024-53691 in QNAP QTS and QuTS NAS
Security researchers claim CVE-2024-53691 could lead to RCE
Exploitation of Critical Vulnerability CVE-2025-23006 in SonicWall SMA1000 Series Appliances
Exploitation could lead to execution of arbitrary OS commands in SonicWall SMA1000 Series Appliances
Active Exploitation Reported for CVE-2025-0411 in 7-Zip
Observed exploitation has involved targeted spear-phishing campaigns, using homoglyph attacks to spoof document extensions to l...
Apple Releases Security Updates for Multiple Products
Security updates include remediation for an exploited zero-day privilege escalation vulnerability affecting iOS, iPadOS, and ma...
Potential Backdoor Embedded in Contec Health CMS8000 Patient Monitor Firmware
CISA has found evidence of Contec CMS8000 and re-labelled Epsimed MN-120 devices beaconing to a public IP address
TeamViewer Releases Security Updates for Privilege Escalation Vulnerability
A vulnerability has been discovered in the TeamViewer Clients for Windows
Cisco Releases Security Advisories for Multiple Products
Nine security advisories address multiple vulnerabilities, including one critical and two high severity advisories
MicroDicom Releases DICOM Viewer Software Update
A privileged attacker could exploit CVE-2025-1002 to alter network traffic and perform a machine-in-the-middle attack
Proof-of-Concept Exploit for AnyDesk Vulnerability (CVE-2024-12754)
Exploitation of this vulnerability could allow an attacker to read arbitrary files, including stored credentials
Microsoft Releases February 2025 Security Updates
Scheduled updates for Microsoft products, including security updates for 63 vulnerabilities, of which two are reported as explo...
SonicOS SSL VPN Authentication Bypass Vulnerability (CVE-2024-53704)
A proof-of-concept exploit has been published for CVE-2024-53704, which affects SonicWall NGFWs
Ivanti Releases February 2025 Security Updates
Three advisories cover vulnerabilities and weaknesses in Ivanti Cloud Services Application (CSA), Ivanti Neurons for MDM, Ivant...
Palo Alto Networks Releases Security Updates for PAN-OS
Attack chain using CVE-2025-0108 and CVE-2025-0111 has been observed in the wild
Active Exploitation of Critical Vulnerability Chain in SimpleHelp
CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728 can be exploited in a chain to allow full compromise of a SimpleHelp server
Juniper Networks Releases Out-of-Cycle Security Bulletin for Critical Vulnerability
API authentication bypass vulnerability CVE-2025-21589 affects Session Smart Router, Conductor, and WAN Assurance Managed Routers
F5 Releases Quarterly Security Notification (February 2025) Affecting BIG-IP Products
One of the 13 high impact advisories addresses the command injection vulnerability CVE-2025-20029, which could lead to arbitrar...
Medixant Releases Security Update for RadiAnt DICOM Viewer
Successful exploitation of CVE-2025-1001 could allow an attacker to perform a machine-in-the-middle attack (MITM)
Cisco Releases Security Advisory for Secure Client
CVE-2025-20206 could allow an attacker to execute arbitrary code with system privileges
Microsoft Releases March 2025 Security Updates
Scheduled updates for Microsoft products, including security updates for 57 vulnerabilities, of which six are reported as explo...
Apple Releases Security Updates for Multiple Products
Security updates include remediation for exploited vulnerability CVE-2025-24201, which affects iOS, iPadOS, and macOS
Broadcom Releases Security Updates for VMware ESXi, Workstation, Fusion, and vCenter Server
Advisory addresses three security vulnerabilities that could result in DoS, RCE, or partially reading arbitrary files
Multiple Vulnerabilities in Ivanti Endpoint Manager Mobile
Vulnerabilities could allow an attacker to escalate privileges, modify data, or execute arbitrary commands
Ivanti Releases Security Advisory May 2024
Sixteen vulnerabilities have been seen in products including Avalanche, Connect Secure, Secure Access, and EPM
Cisco Releases May 2024 ASA, FMC, and FTD Software Security Advisory
Six advisories are included in the semi-annual Cisco Adaptive Security Appliance Software (ASA), Firepower Management Center (F...
Google Releases Security Update for Exploited Vulnerability CVE-2024-5274
Security update addresses an exploited type confusion vulnerability in Google Chrome
RCE Vulnerability in Atlassian Confluence Data Center and Confluence Server
Proof-of-concept exploit code released for RCE vulnerability CVE-2024-21683
Check Point Releases Security Hotfix for Exploited Zero-Day Vulnerability CVE-2024-24919
Active exploitation of Check Point security gateway devices
Linux Kernel Use-after-free Vulnerability
Linux kernel contains a vulnerability that could allow an attacker to achieve local privilege escalation
Baxter Welch Allyn Connex Spot Monitor Vulnerability CVE-2024-1275
Successful exploitation of CVE-2024-1275 could lead to data compromise, resulting in impact and/or delay in patient care
Baxter Welch Allyn Connex Spot Monitor Vulnerability CVE-2024-1275
Successful exploitation of CVE-2024-1275 could lead to data compromise, resulting in impact and/or delay in patient care
Directory Traversal Vulnerability in SolarWinds Serv-U
Security update addresses a vulnerability that could lead to unauthorised access of confidential files
Critical Vulnerability in PHP
New versions of PHP address a critical vulnerability that could lead to arbitrary PHP code execution
Critical Security Update Released for IntelliJ-based IDEs and JetBrains GitHub Plugin
Exploitation of the vulnerability could lead to the disclosure of access tokens to third-party sites
Arm Releases Security Advisory for Exploited Mali GPU Driver Vulnerability
Exploitation could allow a local attacker to gain access to freed memory
Microsoft Releases June 2024 Security Updates
Scheduled updates for Microsoft products, including security updates for 50 vulnerabilities
MicroDicom Releases DICOM Viewer Software Update
One vulnerability could allow an attacker retrieve and plant medical image files and another could lead to arbitrary code execu...
Broadcom Releases Critical Security Updates for VMware vCenter Server and Cloud Foundation
Advisory addresses three vulnerabilities that could result in privilege escalation or remote code execution
Juniper Networks Releases Security Update for Juniper Secure Analytics
The update addresses 225 vulnerabilities in Juniper Secure Analytics, including five rated critical
Avaya Releases Critical Security Update for IP Office
Two critical vulnerabilities could lead to remote code execution
Progress Software Releases Critical Security Updates for MOVEit Transfer and MOVEit Gateway
Two improper authentication vulnerabilities can lead to authentication bypass
Critical Vulnerability in Fortra FileCatalyst Workflow
The security update addresses a critical SQL injection vulnerability that could allow an attacker to modify data and create adm...
Juniper Networks Releases Out-of-Cycle Security Bulletin for Session Smart Router (SSR)
Authentication bypass vulnerability CVE-2024-2973 affects Session Smart Router, Conductor, and WAN Assurance Router
Cisco Releases Advisory for Exploited Vulnerability in NX-OS software
CLI in NX-OS software contains a command injection vulnerability CVE-2024-20399 that is being exploited in the wild
Apache Releases Multiple Security Updates for HTTP Server
Nine vulnerabilities have been patched, including two that could allow information disclosure and three that could lead to remo...
Citrix Releases Security Critical Updates for NetScaler Console, NetScaler Agent, and NetScaler SVM
Two vulnerabilities could lead to sensitive information disclosure or DoS
Fortinet Releases Security Update for FortiOS and FortiProxy XSS Vulnerability
CVE-2024-26006 is a cross-site scripting vulnerability in SSL-VPN web UI
Microsoft Releases July 2024 Security Updates
Scheduled updates for Microsoft products fix 139 vulnerabilities, including two zero-day vulnerabilities
Exploited Unauthenticated RCE Vulnerability CVE-2023-6548 in Citrix NetScaler ADC and NetScaler Gateway
New intelligence shows that exploitation of this RCE vulnerability does not require authentication
Ivanti Releases Security Update for Vulnerability Affecting Endpoint Manager
A high severity vulnerability could allow an attacker to execute arbitary code via SQL Injection on an affected system
Cisco Releases Security Advisories for Multiple Products
Cisco SSM On-Prem and Cisco Secure Email Gateway are affected by critical vulnerabilities
Ivanti Releases Security Updates for Endpoint Manager for Mobile
Vulnerabilities could allow an attacker to execute arbitrary commands, bypass authentication, and access sensitive resources
SolarWinds Releases Critical Security Updates for Access Rights Manager
Updates address eight critical and five high severity vulnerabilities
Philips Releases Vue PACS Security Advisory
Thirteen vulnerabilities have been found in Philips image-management platform
Docker Releases Security Advisory for Docker Engine
A critical vulnerability could allow an attacker to bypass authorisation plugins
Broadcom Releases Security Updates for VMware ESXi, vCenter Server, and Cloud Foundation Vulnerabilities
Advisory addresses three security vulnerabilities that could result in denial-of-service or authentication bypass
Exploitation of Vulnerability CVE-2023-45249 in Acronis Cyber Infrastructure
Critical vulnerability in Acronis Cyber Infrastructure (ACI) could be exploited to achieve remote code execution
Progress Software Releases Security Update for MOVEit Transfer
An improper authentication vulnerability can lead to privilege escalation
Progress Software Releases Security Advisory for WhatsUp Gold
Advisory addresses 15 security vulnerabilities that could lead to unauthorised access
Roundcube Releases Security Updates for Webmail
Updates address three vulnerabilities that could lead to theft of emails and contacts
SAP Releases Security Update for BusinessObjects
Successful exploitation could lead to full system compromise
Adobe Releases Security Updates for Acrobat and Reader
Successful exploitation of the critical vulnerabilities could lead to ACE or privilege escalation
Microsoft Releases August 2024 Security Updates
Scheduled updates for Microsoft products fix 90 vulnerabilities, including ten zero-day vulnerabilities
Google Releases Security Updates for Chrome
Security update includes two exploited high severity vulnerabilities in Google Chrome
Fortra Releases Security Advisories for FileCatalyst Workflow
Advisories address two vulnerabilities, one rated as critical and the other as high severity
Zyxel Releases Multiple Security Advisories
Advisories address vulnerabilities in Zyxel firewalls, APs, extenders, and security router devices
Veeam Releases September 2024 Security Bulletin
Security bulletin addresses critical severity vulnerabilities affecting Backup & Replication, One, Server Provider Console, and...
Critical SonicWall Vulnerability Under Exploitation
CVE-2024-40766 could lead to unauthorised access or denial-of-service
Proof-of-Concept Exploit Released for Linux Kernel Out-of-Bounds Write Vulnerability
Exploitation of CVE-2024-26581 could allow sensitive information disclosure, privilege escalation, or arbitrary code execution
Cisco Releases Security Advisories Affecting Smart Licensing Utility and Identity Service Engine
Advisories address two critical vulnerabilities in Smart Licensing Utility and one medium vulnerability in Identity Service Engine
Progress Software Releases Security Advisory for LoadMaster
A critical vulnerability could lead to arbitrary command execution
Ivanti Releases September 2024 Updates for EPM
Updates address ten critical vulnerabilities which if exploited could lead to remote code execution
Microsoft Releases September 2024 Security Updates
Scheduled updates for Microsoft products fix 79 vulnerabilities, including four zero-day vulnerabilities
Adobe Releases Security Updates for Acrobat and Reader
Two critical vulnerabilities could lead to arbitrary code execution
Exploited Vulnerabilities in Progress Software WhatsUp Gold
Critical vulnerabilities could allow an attacker to retrieve a user's encrypted password
Broadcom Releases Critical Security Advisory for VMware vCenter Server and Cloud Foundation
Advisory addresses two vulnerabilities that could result in remote code execution or privilege escalation
Exploited Vulnerabilities in Ivanti Cloud Services Appliance (CSA)
Critical vulnerabilities could allow an attacker to bypass admin authentication and execute arbitrary commands on the appliance
HPE Aruba Networking Releases Security Updates for Instant AOS-8 and AOS-10 in Access Points
Three critical vulnerabilities could lead to arbitrary code execution in multiple series of Aruba Access Points
Foxit Releases Security Updates Affecting Foxit PDF Reader and Foxit PDF Editor
Security updates address multiple vulnerabilities that could lead to remote code execution, information disclosure, privilege e...
Progress Software Releases Security Advisory for WhatsUp Gold
The advisory addresses two critical and four high severity vulnerabilities
Public Proof-of-Concept for WatchGuard Vulnerabilities Affecting Firebox SSO Gateway and Client
Advisories address critical vulnerabilities which could lead to authentication bypass, authorisation bypass, or denial-of-service
Cisco Releases Security Advisories for Multiple Products
Advisories address vulnerabilities in Cisco Nexus Dashboard, Meraki MX and Z Series Teleworker Gateway, and others
Microsoft Releases October 2024 Security Updates
Scheduled updates for Microsoft products fix 117 vulnerabilities, including five zero-day vulnerabilities
Ivanti Releases Security Updates for Multiple Products
Updates address exploited vulnerabilities in Cloud Services Application and one critical vulnerability in Connect Secure and Po...
Exploited Vulnerability in Multiple Fortinet Products
A critical vulnerability could lead to unauthenticated arbitrary code execution
Mitel Releases Security Advisories for MiCollab
Advisories address two critical vulnerabilities, two high and one other
Mozilla Releases Security Updates for Firefox and Firefox ESR
Advisory addresses one critical vulnerability
Critical Veeam Backup & Replication Vulnerability Under Active Exploitation
Successful exploitation of CVE-2024-40711 could lead to remote code execution
Cisco Releases Security Advisory for ATA 190 Series Analog Telephone Adapter
Eight vulnerabilities are addressed in this advisory rated as high severity by Cisco
Foxit Releases Security Updates Affecting Foxit PDF Editor
Security updates address multiple vulnerabilities that could lead to remote code execution, information disclosure, privilege e...
Exploited Critical Vulnerability CVE-2024-47575 in Fortinet FortiManager
This critical vulnerability could lead to unauthenticated arbitrary code execution
Cisco Releases October 2024 ASA, FMC, and FTD Software Security Advisory Bundled Publication
35 advisories are included in the semi-annual Cisco Adaptive Security Appliance Software (ASA), Firepower Management Center (FM...
QNAP Releases Security Updates Affecting HBS 3 Hybrid Backup Sync
An OS command injection vulnerability that could lead to arbitrary code execution has been patched
HPE Aruba Networking Releases Critical Security Updates for Instant AOS-8 and AOS-10 in Access Points
Five vulnerabilities could lead to remote code execution and arbitrary command execution in multiple series of Aruba Access Points
Cisco Releases Security Advisories for Multiple Products
Advisories address vulnerabilities in Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points, Nexus Dashboard Fabric Contr...
Citrix Releases Security Updates for Session Recording
Advisory addresses two vulnerabilities that could allow privilege escalation and remote code execution
Microsoft Releases November 2024 Security Updates
Scheduled updates fix 89 Microsoft vulnerabilities, including two zero-day vulnerabilities
Fortinet Releases Multiple Security Advisories
FortiClient and FortiOS are affected by high severity vulnerabilities
Ivanti Releases Security Updates for Multiple Products
Three security advisories address 49 vulnerabilities in Ivanti Avalanche, Ivanti Endpoint Manager (EPM), Ivanti Connect Secure,...
Critical Security Advisory for Icinga 2 (CVE-2024-49369)
Applying security updates is urged as full report with technical details of the vulnerability are expected
Palo Alto Releases Critical Security Bulletin for Firewall Devices
EDIT: This remediation is outdated, and organisations are instructed to follow the advice in the High Severity Cyber Alert CC-4578
Palo Alto Networks Releases Critical Security Advisory for PAN-OS (CVE-2024-0012)
The security advisory addresses a critical authentication bypass vulnerability in the management web interface
Exploitation of Critical Vulnerabilities in VMware vCenter Server and Cloud Foundation
Exploitation reported for critical vulnerabilities CVE-2024-38812 and CVE-2024-38813
Apple Releases Security Updates for Multiple Products
Multiple vulnerabilities affect macOS Sequoia, iOS, iPadOS, Safari, and visionOS
Palo Alto Networks Releases Security Update for GlobalProtect App (CVE-2024-5921)
Palo Alto Networks releases security update to address a privilege escalation vulnerability in GlobalProtect App
QNAP Releases Security Updates for Multiple Products
The most serious vulnerabilities could allow a remote unauthenticated attacker to gain unauthorised access to QNAP products
SonicWall Releases Security Updates for SMA100 NetExtender for Windows (CVE-2024-29014)
CVE-2024-29014 may allow an attacker to execute arbitrary code when processing an EPC Client update
Zyxel Releases Advisory for Exploited Vulnerability CVE-2024-11667
A high severity vulnerability could allow an attacker to upload and download files
Veeam Releases Updates for Service Provider Console and Backup & Replication
The security updates address one critical and ten high severity vulnerabilities
SonicWall Releases Security Updates for SMA100 SSL-VPN Products
Three buffer overflow vulnerabilities could lead to code execution and three others concern path traversal, authentication bypa...
QNAP Fixes Several Vulnerabilities Affecting High-End NAS Devices
QNAP has released a security update addressing several vulnerabilities in their QTS and QuTS NAS operating systems
Ivanti Releases Security Updates for Multiple Products
Updates address critical vulnerabilities in Cloud Services Application, Connect Secure, and Policy Secure
Exploitation of critical path traversal vulnerability (CVE-2024-41713) and 0-day path traversal vulnerability (CVE-2024-55550) in Mitel MiCollab
Evidence of chained exploitation of path traversal vulnerabilities affecting Mitel MiCollab following public release of proof-o...
Microsoft Releases December 2024 Security Updates
Scheduled updates for Microsoft products, including security updates for 72 vulnerabilities, with 1 reported as actively exploited
Cleo Releases Security Advisory for Harmony, VLTrader, and LexiCom
Exploitation in the wild reported for two vulnerabilities potentially leading to RCE
Proof-of-Concept Released for Critical Apache Struts Vulnerability
CVE-2024-53677 could allow unauthenticated remote code execution, path traversal or upload of malicious files
BeyondTrust Releases Security Advisory for Remote Support & Privileged Remote Access
A critical vulnerability in BeyondTrust remote access tools could lead to code injection
Foxit Releases Security Updates Affecting Foxit PDF Reader and Foxit PDF Editor
Security updates address multiple vulnerabilities that could lead to remote code execution, information disclosure, privilege e...
Fortinet Releases Security Advisory for FortiManager and FortiManager Cloud
CVE-2024-48889 could lead to remote code execution
Sophos Releases Critical Advisory for Sophos Firewall
Critical vulnerabilities could lead to SQL injection, unauthorised access, or RCE
Apache Releases Multiple Security Updates for Tomcat
Security updates addressing CVE-2024-56337 fully mitigate CVE-2024-50379
Palo Alto Networks Releases Security Update for PAN-OS
Exploitation of CVE-2024-3393 has been reported and could lead to a denial-of-service condition on PAN-OS firewalls