WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site.
GitLab has released security updates to address multiple flaws in Community Edition (CE) and Enterprise Edition (EE), including a critical arbitrary branch pipeline execution flaw.
Mozilla has issued an emergency security update for the Firefox browser to address a critical use-after-free vulnerability that is currently exploited in attacks.
An automated scanner has been released to help security professionals scan environments for devices vulnerable to the Common Unix Printing System (CUPS) RCE flaw tracked as CVE-2024-47176.
Today is Microsoft's October 2024 Patch Tuesday, which includes security updates for 118 flaws, including five publicly disclosed zero-days, two of which are actively exploited.
Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service that impacts dozens of chipsets.
U.S. cybersecurity agency CISA is warning about two critical vulnerabilities that allow authentication bypass and remote code execution in Optigo Networks ONS-S8 Aggregation Switch products used in critical infrastructure.
DrayTek has released security updates for multiple router models to address 14 vulnerabilities of varying severity, including a remote code execution flaw that received the maximum CVSS score of 10.
A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premise environment that rely on it to access GPU resources.
Progress Software warned customers to patch multiple critical and high-severity vulnerabilities in its WhatsUp Gold network monitoring tool as soon as possible.
HPE Aruba Networking has fixed three critical vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points, which could let unauthenticated attackers gain remote code execution on vulnerable devices.
The percentage of Android vulnerabilities caused by memory safety issues has dropped from 76% in 2019 to only 24% in 2024, representing a massive decrease of over 68% in five years.
The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting Apache HugeGraph-Server.
CISA and the FBI urged tech companies to review their software and eliminate cross-site scripting (XSS) vulnerabilities before shipping.
Hackers have been leveraging publicly available exploit code for two critical vulnerabilities in the WhatsUp Gold network availability and performance monitoring solution from Progress Software.
GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions.
Today is Microsoft's September 2024 Patch Tuesday, which includes security updates for 79 flaws, including three actively exploited and one publicly disclosed zero-days.
Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows attackers to remotely execute commands on the device.
SonicWall is warning that a recently fixed access control flaw tracked as CVE-2024-40766 in SonicOS is now "potentially" exploited in attacks, urging admins to apply patches as soon as possible.