CVE-2025-1846 zj1983 zz File ZfileAction.java deleteLocalFile denial of se
CVE-2025-1845 ESAFENET DSM examExportPDF command injection
CVE-2025-1844 ESAFENET CDG backupLogDetail.jsp sql injection
CVE-2025-1843 Mini-Tmall ProductMapper.java select sql injection
CVE-2025-1842 FITSTATS Technologies AthleteMonitoring login.php cross site
CVE-2025-1841 ESAFENET CDG ClientSortLog.jsp sql injection
CVE-2025-1840 ESAFENET CDG updateorg.jsp sql injection
CVE-2025-1836 Incorta Edit Insight csv injection
CVE-2025-1835 osuuu LightPicture Api.php upload unrestricted upload
CVE-2025-1834 zj1983 zz resolve unrestricted upload
Apple Patches Actively Exploited Security Flaw CVE-2025-24085

Apple Patches Actively Exploited Security Flaw CVE-2025-24085

Giulio Saggin
Giulio Saggin
Tuesday 28 January 2025

Apple has released critical updates to address a "use after free" vulnerability, tracked as CVE-2025-24085, that could allow a malicious application to elevate privileges. The company has confirmed reports of the flaw being actively exploited in older versions of iOS before 17.2.

Popular Wordpress plugin vulnerability exposes 1 million WordPress sites

Popular Wordpress plugin vulnerability exposes 1 million WordPress sites

Microsoft January 2025 Patch Tuesday Fixes 159 Vulnerabilities, Including 8 Zero-Days and 3 Actively Exploited Flaws

Microsoft January 2025 Patch Tuesday Fixes 159 Vulnerabilities, Including 8 Zero-Days and 3 Actively Exploited Flaws

MacOS Sequoia 15.1.1: Critical Security Update Addresses Web-Based Vulnerabilities

MacOS Sequoia 15.1.1: Critical Security Update Addresses Web-Based Vulnerabilities

CVE-2024-38094: Microsoft SharePoint Deserialization Vulnerability

CVE-2024-38094: Microsoft SharePoint Deserialization Vulnerability

Critical Vulnerabilities in Palo Alto Networks’ Expedition Tool Expose Systems to Unauthorized Access and Administrative Takeover

Critical Vulnerabilities in Palo Alto Networks’ Expedition Tool Expose Systems to Unauthorized Access and Administrative Takeover

Kaspersky Lab Products Banned From All Australian Government Systems And Devices

Kaspersky Lab Products Banned From All Australian Government Systems And Devices

Giulio Saggin
Giulio Saggin
Tuesday 25 February 2025

The Australian Government has banned the use of Kaspersky Lab products and web services on all government systems and devices, after they were deemed to be unsafe.

Chinese Company and National Sanctioned For 2020 Attack On 80,000+ Firewalls

Chinese Company and National Sanctioned For 2020 Attack On 80,000+ Firewalls

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned and named a Chinese company and national as those responsible for the April 2020 attack on 80,000+ firewalls worldwide.

International Cyber Security Agencies List Top 15 Exploited Vulnerabilities Of 2023

International Cyber Security Agencies List Top 15 Exploited Vulnerabilities Of 2023

Cyber security agencies from around the world have co-authored a joint Cyber Security Advisory, listing the top 15 most frequently exploited vulnerabilities in 2023.

SEC Charges Four Companies Over Misleading SolarWinds Disclosures

SEC Charges Four Companies Over Misleading SolarWinds Disclosures

The SEC has charged four major companies for making misleading disclosures in relation to the 2020 SolarWinds attack.

Why Every Organisation Needs Real-Time Cybersecurity Alerts

Why Every Organisation Needs Real-Time Cybersecurity Alerts

Real-time vulnerability alerts are critical for cybersecurity. Challenges like data overload, delays, and skill gaps hinder their effectiveness. Balancing speed, accuracy, and coverage is key. SecAlerts offer tailored, swift alerts, crucial in today's threat landscape.

Critical Vulnerabilities Microsoft Azure DevOps and Azure CLI - CVE2023-36437 & CVE2023-36052
Seemlingly harmless sound clips can compromise our smart assistants security and privacy.
What is PCI DSS Requirement 6.1?

What is PCI DSS Requirement 6.1?

There are 12 PCI DSS Requirements that need to be met to attain PCI compliance. One of those, Requirement 6, ensures that an entity has its software protected by up-to-date "vendor-provided security patches".

What is PCI DSS Requirement 6?

What is PCI DSS Requirement 6?

The official explanation of PCI DSS Requirement 6 is summed up as "Develop and maintain secure systems and applications". In other words, an entity attaining PCI compliance needs to have its software protected by up-to-date "vendor-provided security patches".

What is an Approved Scanning Vendor (ASV)?

What is an Approved Scanning Vendor (ASV)?

Discover the Complexities Behind PCI Compliance: Unraveling the Critical Role of External Scans, Internal Vulnerability Checks, and the Cruciality of Requirement 6.1 in Cybersecurity. Explore how ASVs and Services like SecAlerts Play Key Roles in This Compliance Puzzle!

What is a zero-day?

What is a zero-day?

A zero-day refers to a vulnerability in software or hardware that is unknown to the vendor or the public. It's called "zero-day" because once it's discovered, attackers can exploit it immediately, leaving zero days for the vendor to fix it.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203