
17 matches found

ATTACKERKB
added 2026/02/13 12:21 a.m., 4 views

CVE-2025-9292

A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful...

2 CVSS, 5.6 AI score, 0.00017 EPSS
Exploits: 0, References: 2

Hive Pro Threat Advisories
added 2026/02/03 4:51 p.m., 6 views

Chrome Zero-Day Vulnerability: Are You Protected?

With billions of users, Google Chrome is more than just a browser; it’s a fundamental part of your organization's attack surface. It’s installed on nearly every endpoint, from the C-suite to the intern pool. This ubiquity is precisely what makes a Chrome zero-day vulnerability so uniquely...

6.2 AI score
Exploits: 0

GithubExploit
added 2026/01/28 2:44 p.m., 122 views

Exploit for CVE-2024-12345

CVE Exchange Stop chasing vulnerability intel across fragme...

6.7 CVSS, 6 AI score, 0.00059 EPSS
Exploits: 3

RedhatCVE
added 2025/05/23 8:55 a.m., 2 views

CVE-2024-29210

A local privilege escalation (LPE) vulnerability has been identified in Phish Alert Button for Outlook (PAB), specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an...

6 CVSS, 7 AI score, 0.00271 EPSS
Exploits: 0, References: 1

Cvelist
added 2024/05/07 4:53 p.m., 14 views

CVE-2024-29209

A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely verify the authenticity and...

6 CVSS, 5.6 AI score, 0.00271 EPSS
Exploits: 0, References: 1

CVE
added 2024/05/07 4:53 p.m., 69 views

CVE-2024-29209

The CVE-2024-29209/29210 family concerns Phish Alert Button (PAB) for Outlook and related KnowBe4 clients. Technical details across connected records show: attack via update mechanism (CVE-2024-29209) where the client fails to validate the update server’s TLS/SSL and ignores digital signatures, e...

6 CVSS, 5 AI score, 0.00271 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2024/05/07 4:53 p.m., 11 views

CVE-2024-29209

A medium severity vulnerability has been identified in the update mechanism of the Phish Alert Button for Outlook, which could allow an attacker to remotely execute arbitrary code on the host machine. The vulnerability arises from the application's failure to securely verify the authenticity and...

6 CVSS, 7.7 AI score, 0.00271 EPSS
Exploits: 0, References: 1

CISA
added 2024/01/31 12:00 p.m., 2 views

CISA and FBI Release Secure by Design Alert Urging Manufacturers to Eliminate Defects in SOHO Routers

Today, CISA and the Federal Bureau of Investigation (FBI) published guidance on Security Design Improvements for SOHO Device Manufacturers as a part of the new Secure by Design (SbD) Alert series that focuses on how manufacturers should shift the burden of security away from customers by integrating...

7.4 AI score
Exploits: 0, References: 6

Qualys Blog
added 2024/01/30 5:12 p.m., 9 views

Advancing Cybersecurity Management With Qualys Cloud Agent

In the first part of our series, we discussed the significant enhancements in Reduced Activity Periods (RAP) and Enhanced Capabilities for VDI in the Qualys Cloud Agent. In this second part of the series, we continue our exploration into the other two pivotal enhancements of this upgrade: 1. Agent...

7.1 AI score
Exploits: 0

Citrix
added 2020/11/20 12:00 a.m., 5 views

Hotfix XS82E001 - For Citrix Hypervisor 8.2

Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. All customers who are affected by the issues described in CTX277456 - Citrix Hypervisor Multiple Security Updates should install this hotfix. Information About this Hotfix Component| Details ---|---...

7.4 AI score
Exploits: 0

Information Security Automation
added 2018/12/21 6:21 p.m., 195 views

Guinea Pig and Vulnerability Management products

IMHO, security vendors use the term "Vulnerability Management" extremely inaccurately. Like a guinea pig, which is not a pig and is not related to Guinea, the current Vulnerability Management products are not about the actual practically exploitable vulnerabilities and not really about the...

Exploits: 0

Carbon Black Blog
added 2018/06/19 5:00 p.m., 46 views

10 Endpoint Security Problems Solved by the Cloud – Keeping Up To Date

Last week, we examined the state of endpoint security and discussed why most solutions on the market aren’t doing their job. The rest of this blog series will dig further into the topic and look at 10 specific problems with traditional AV software, and how cloud-based security solutions solve the...

0.1 AI score
Exploits: 0

Cisco Threats
added 2018/04/09 7:32 p.m., 10 views

Threat Outbreak Alert RuleID32387: Email Messages Distributing Malicious Software on April 5, 2018

Medium Alert ID: 57422 First Published: 2018 April 9 19:32 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID32387) may contain the following files: Name | Siz...

0.7 AI score
Exploits: 0

Citrix
added 2017/03/29 12:00 a.m., 4 views

Deploying enterprise MDX enabled apps from App Store via Volume Purchase

The CEM/XenMobile Server is currently optimized for Volume Purchase distribution of Public App Store apps that are not MDX enabled. While it is possible to distribute MDX enabled apps from App Store via volume purchase, some considerations must be taken into account for optimal performance. This...

6.6 AI score
Exploits: 0

Cisco Threats
added 2016/03/09 8:16 p.m., 12 views

Threat Outbreak Alert RuleID21616: Email Messages Distributing Malicious Software on March 9, 2016

Medium Alert ID: 43989 First Published: 2016 March 9 20:16 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID21616) may contain the following files: Name | Siz...

0.3 AI score
Exploits: 0

ThreatPost
added 2015/09/30 3:22 p.m., 182 views

Mystery Windows 7 Update An Accidental Test Update

A suspicious Windows 7 update today raised concern on a number of Microsoft and technology forums that the Windows Update service had been compromised. Microsoft, however, cleared the air several hours later admitting that the update was their mistake. “We incorrectly published a test update and...

9.3 CVSS, 0.2 AI score, 0.94354 EPSS
Exploits: 33, References: 6

securityvulns
added 2002/10/17 12:00 a.m., 43 views

Microsoft Security Bulletin MS02-059: Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure (Q330008)

Title: Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure (Q330008) Date: 16 October 2002 Software: Microsoft(r) Word and Microsoft(r) Excel Impact: Information...

6.4 AI score
Exploits: 0