Category: Bulletins
-
Beware the 1Password Phishing Scam
How to Protect Yourself and Your Organization This week, cybercriminals launched a clever and dangerous phishing attack targeting users of the popular password manager, 1Password. The scam? A fake password reset email designed to trick people into handing over their master password—the single key that unlocks all their saved logins, banking details, and other sensitive… Read more
-
Critical Windows Vulnerabilities Exploited – Patch Now
March 2025’s Microsoft Patch Tuesday delivers fixes for 57 security flaws, including six zero-day vulnerabilities that are actively being exploited. The most critical of these can lead to privilege escalation, remote code execution (RCE), and information disclosure, making them high-priority threats for organizations that rely on Windows. Among the standout threats: CVE-2025-24983 (Win32k Privilege Escalation)… Read more
-
Update Chrome Right Now!
This Vulnerability Lets Hackers Take Over Your Device Just by Visiting a Website If you use Google Chrome, stop what you’re doing and update it right now. Now that your’re back, lets get into it. A newly disclosed, critical security flaw in Chrome (CVE-2025-1914 and others) makes it frighteningly easy for hackers to take control… Read more
-
Over 37,000 VMware ESXi Instances Still Vulnerable to Critical Zero-Day – Patch Now Available
Get it before its too late. A critical VMware ESXi vulnerability (CVE-2025-22224) remains unpatched in over 37,000 instances, despite active exploitation in the wild. If you were unable to update due to issues with Broadcom’s Support Portal, now is the time to take action. What’s the Risk? Broadcom recently disclosed three VMware zero-day vulnerabilities affecting… Read more
-
Critical PHP Vulnerability Under Mass Exploitation: What You Need to Know
The 8-month old vulnerability is now being used en-masse A critical vulnerability in PHP, tracked as CVE-2024-4577, is being widely exploited by threat actors to execute remote code on vulnerable servers. The flaw, which carries a high CVSS score of 9.8, affects Windows servers using Apache and PHP-CGI under specific code page configurations. What Happened?… Read more
-
Akira Ransomware Gang Exploits Webcam to Deploy Ransomware
This New Attack Vector Bypasses EDR Detection In a striking demonstration of adaptability, the Akira ransomware gang recently used an unsecured webcam to launch an encryption attack on a victim’s network, bypassing traditional Endpoint Detection and Response (EDR) defenses. This innovative attack highlights critical security gaps in Internet of Things (IoT) devices, underscoring the need… Read more