Dec 6, 03:37 AM

CISA Warns of Critical Exploits in Software and Windows Zero-Day Affecting Versions 7 to 11

The Cybersecurity and Infrastructure Security Agency (CISA) has flagged several critical vulnerabilities in widely used software platforms, including CyberPanel, SailPoint IdentityIQ, ProjectSend, and Zyxel. These vulnerabilities, identified as CVE-2024-51378 and CVE-2024-10905, both with a CVSS score of 10, are under active exploitation. Attackers are leveraging these flaws to bypass authentication, execute arbitrary commands, and potentially expose sensitive data. Ransomware campaigns such as PSAUX and Helldown are reportedly exploiting these vulnerabilities. Additionally, a critical zero-day vulnerability in Windows, affecting all versions from Windows 7 to 11 and Server 2008 R2 onward, has been disclosed. This NTLM security flaw exposes user credentials and currently lacks an official fix, although an unofficial patch has been released by 0patch.

#CISA #CyberPanel #SailPoint IdentityIQ #ProjectSend #Zyxel #PSAUX #Helldown #Windows #Server 2008 R2 #NTLM

Written with ChatGPT (GPT-4o).

CISA Warns of Critical Exploits in Software and Windows Zero-Day Affecting Versions 7 to 11

Sources

Additional media

Similar Stories