Known Exploited Vulnerabilities and counting....
A known exploited vulnerability (KEV) refers to a software vulnerability that is being actively exploited by cybercriminals or threat actors. When a vulnerability becomes known to be exploited in the wild, it signals that the vulnerability poses a significant and imminent risk to organizations.
Common Vulnerability and Exposure
CVEs form a database of known security vulnerabilities that are actively tracked and managed by a group of organizations, such as the U.S. National Cyber Security Alliance. CVEs are an important tool for network security management because they not only provide an inventory of existing vulnerabilities, but also provide information about how the vulnerability can be exploited and instructions on how to protect against it.
Search Known Exploits
Search for CVEs by vendor to identify known exploited vulnerabilities in your environment
CVE = Common Vulnerability and Exposure
CVE OF THE WEEK:
Palo Alto Networks
PAN-OS
Patch deadline: a year ago on 01/20/2025
CVE-2024-3393
Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malformed DNS packets in the DNS Security feature that, when exploited, allows an unauthenticated attacker to remotely reboot the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
Palo Alto Networks PAN-OS Malformed DNS Packet Vulnerability
Learn more about this CVE: paloaltonetworks.com
Cyber Security News
You may have missed...
*
Inside a cyberattack: How hackers steal data
The truth about cybersecurity is that it's almost impossible to keep hackers outside of an organization, particularly as the cybercrime industry ...
Fake CAPTCHA pages are tricking users into installing malware - PCWorld
This malware targets sensitive data from browsers, Outlook, Steam, and crypto wallets, making users vulnerable to significant security breaches.
South Korea's Hanwha makes a $13 million bet on 'seedless' crypto wallets - CoinDesk
For established financial firms, wallet security and compliant tokenization frameworks remain key barriers to deeper engagement with blockchain-based ...
OpenAI KYC provider accused of sharing users' crypto addresses with federal agencies
A February 18 investigation published by pseudonymous security researchers vmfunc, MDL, and Dziurwa found publicly accessible code that appears to ...
St. Paul law firm, famous for clergy sex abuse cases, snared in data breach - Star Tribune
The Blaze breach and the Anderson & Associates hack appear to be related. Blaze said hackers stole information from a third-party vendor, Texas-based ...
Cybercriminals have evolved. Here's the intel to protect your business. - Huntress
Breaking down hacker tricks & tactics. How an Attacker's Blunder Gave Us a Rare Look Inside Their Day-to-Day. Blog.
Notepad++ patches flaw used to hijack update system - Security Affairs
In early February, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider's infrastructure, redirecting update ....
AI is helping hackers make new malware faster and more complex than ever - TechRadar
AI is helping hackers make new malware faster and more complex than ever - and things may only get tougher · Palo Alto warns GenAI accelerates malware...
Chinese telecom hackers likely holding stolen data 'in perpetuity' for later attempts, FBI official says
In the U.S., the hackers targeted communications of top political officials by accessing the government's “lawful intercept” systems that facilitate ....
Updated daily