Sophos Firewall v21 MR1 is now available

Blog

Byadmblake February 19, 2025

It’s a fully supported upgrade from v21, v20, v19.5 and v19.0.

Blog

Adobe ColdFusion Access Control Bypass

What is the vulnerability?The Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by Improper Access Control vulnerabilities that could result in a security bypass. Exploitation of these vulnerabilities could give attacker access to the ColdFusion Administrator endpoints for further attack.What is the Vendor Solution?Adobe released patches for the security bypass flaws…

Read More Adobe ColdFusion Access Control Bypass
Blog

OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation

A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure. The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites. “The

Read More OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation
Blog

HPE Investigates After Alleged Data Breach

The company reports that it is not experiencing any operational issues within its business, so far.

Read More HPE Investigates After Alleged Data Breach
Blog

Trump Taps Sean Plankey To Fill Empty CISA Director Chair

Plankey has served in numerous cybersecurity positions in the past, including during the first Trump presidency from 2018-2020.

Read More Trump Taps Sean Plankey To Fill Empty CISA Director Chair
Blog

Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk

Meta has warned that a security vulnerability impacting the FreeType open-source font rendering library may have been exploited in the wild. The vulnerability has been assigned the CVE identifier CVE-2025-27363, and carries a CVSS score of 8.1, indicating high severity. Described as an out-of-bounds write flaw, it could be exploited to achieve remote code execution…

Read More Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk
Blog

SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools

Cybersecurity researchers have disclosed a malicious campaign that leverages search engine optimization (SEO) poisoning techniques to deliver a known malware loader called Oyster (aka Broomstick or CleanUpLoader). The malvertising activity, per Arctic Wolf, promotes fake websites hosting trojanized versions of legitimate tools like PuTTY and WinSCP, aiming to trick software professionals

Read More SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools

Related