Fortinet CVE-2025-24472 Patch

Fortinet Confirms CVE-2025-24472 Was Patched in January 2024

Fortinet recently disclosed CVE-2025-24472, a critical authentication bypass vulnerability in FortiOS and FortiProxy that allows attackers to gain super-admin privileges through crafted CSF proxy requests. This vulnerability affects: Fortinet patched the issue in January 2024 with updates to: Clarification on Exploitation and Patching In an update on February 11, 2025, Fortinet confirmed that CVE-2025-24472 is …

Fortinet Confirms CVE-2025-24472 Was Patched in January 2024 Read More »

Microsoft patches zero-day vulnerabilities

Microsoft Patches Actively Exploited Zero-Day Vulnerabilities – Immediate Action Required

Microsoft has released its February 2025 security updates, addressing 67 vulnerabilities across Windows, Office, Azure, Visual Studio, and Remote Desktop Services. The update includes patches for two actively exploited zero-day vulnerabilities that require immediate mitigation. Microsoft Zero-Day Vulnerabilities Both vulnerabilities are listed in CISA’s Known Exploited Vulnerabilities Catalog, indicating active exploitation. Publicly Disclosed Vulnerabilities Other …

Microsoft Patches Actively Exploited Zero-Day Vulnerabilities – Immediate Action Required Read More »

Veeam vulnerability in Backup code execution

Critical Veeam Vulnerability Enables Code Execution via Man-in-the-Middle Attack

Veeam has patched a critical security flaw (CVE-2025-23114, CVSS 9.0) in its Backup software that allows remote code execution through a Man-in-the-Middle (MitM) attack. The issue resides in the Veeam Updater component, enabling attackers to execute arbitrary code with root-level privileges on affected systems. Affected Versions The vulnerability impacts the following products and versions: Patched …

Critical Veeam Vulnerability Enables Code Execution via Man-in-the-Middle Attack Read More »

AI-Driven Skill Matching for Crowd Source Pentesting

NorDef’s AI-Driven Skill Matching for Optimized Crowdsourced Pentesting

In today’s rapidly evolving cybersecurity landscape, organizations face a constant barrage of threats. To stay ahead, businesses need access to the most skilled and experienced security professionals. However, finding the right talent can be a time-consuming and costly endeavor.  That’s where AI-driven skill matching comes in and enhances NorDef’s Next-Gen Crowd-Sourced Pentesting. Introducing AI-Driven Expertise-Matching: …

NorDef’s AI-Driven Skill Matching for Optimized Crowdsourced Pentesting Read More »

DeepSeek AI database data leak.

DeepSeek AI Database Exposure Leaks Sensitive Data

Chinese AI startup DeepSeek exposed a ClickHouse database, allowing unauthorized access to sensitive data, including API secrets, chat logs, and backend details. Unauthorized Database Exposure A misconfigured ClickHouse database at oauth2callback.deepseek[.]com:9000 and dev.deepseek[.]com:9000 was left exposed, allowing anyone to execute SQL queries without authentication. This provided full access to stored data and potential privilege escalation …

DeepSeek AI Database Exposure Leaks Sensitive Data Read More »

DeepSeek AI Security Privacy Risks

DeepSeek AI Faces Security and Privacy Concerns Amid Rapid Growth

Chinese AI startup DeepSeek has restricted new user registrations following large-scale cyberattacks targeting its services. The company cited “malicious attacks” as the reason for the temporary limitation while ensuring that existing users remain unaffected. Security Risks and Vulnerabilities DeepSeek’s latest AI model, DeepSeek R1, has drawn attention for its advanced reasoning capabilities. However, security researchers …

DeepSeek AI Faces Security and Privacy Concerns Amid Rapid Growth Read More »

apple cve-2025-24085 patch zero day

Apple Fixes Actively Exploited Zero-Day in iOS, macOS, and Other Platforms

Apple has released security updates to address multiple vulnerabilities, including an actively exploited zero-day, CVE-2025-24085. This use-after-free issue in the Core Media component allows a malicious application already installed on a device to escalate privileges. The vulnerability has been exploited in the wild, primarily affecting versions of iOS before 17.2. Apple has patched the issue …

Apple Fixes Actively Exploited Zero-Day in iOS, macOS, and Other Platforms Read More »

Nordic Defender Achieves SOC 2 Type II Compliance for the Second Consecutive Year

Nordic Defender is proud to announce the successful completion of our SOC 2 Type II compliance audit for the second year in a row. This significant milestone underscores our unwavering commitment to delivering exceptional security services and maintaining the highest standards of data protection and operational excellence. Our compliance spans three Trust Service Criteria: Security, …

Nordic Defender Achieves SOC 2 Type II Compliance for the Second Consecutive Year Read More »

Palo Alto Networks Releases Patch for PAN-OS DoS Vulnerability

Overview Palo Alto Networks has recently released a patch to address a critical Denial of Service (DoS) vulnerability in its PAN-OS software. The vulnerability, identified as CVE-2024-3393, allows unauthenticated attackers to send a specially crafted packet through the firewall’s data plane, causing the device to reboot and potentially enter maintenance mode. This issue primarily affects …

Palo Alto Networks Releases Patch for PAN-OS DoS Vulnerability Read More »

Sophos Releases Update for Three Critical Firewall Vulnerabilities

Sophos has recently addressed three critical vulnerabilities in its Sophos Firewall product. These vulnerabilities, identified as CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729, could allow attackers to execute remote code, gain privileged access, and escalate privileges. Issue Overview Remediation Sophos has released hotfixes and permanent fixes for these vulnerabilities. Users are advised to ensure their devices are running …

Sophos Releases Update for Three Critical Firewall Vulnerabilities Read More »