-
Critical ServiceNow RCE flaws actively exploited to steal credentials
Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks.
- July 25, 2024
- 04:58 PM
0
-
Docker fixes critical 5-year old authentication bypass flaw
Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances.
- July 24, 2024
- 03:00 PM
0
-
Sponsored Content
Free shadow SaaS inventory + security insightsDiscover all SaaS accounts ever created by anyone in your org, in minutes, along with insights on security risks and spend. Save time, money and effort by curbing SaaS sprawl and automating tasks like offboarding and user access reviews. Free trial.
-
Telegram zero-day allowed sending malicious Android APKs as videos
A Telegram for Android zero-day vulnerability dubbed 'EvilVideo' allowed attackers to send malicious Android APK payloads disguised as video files.
- July 22, 2024
- 10:41 AM
- 3
-
SolarWinds fixes 8 critical bugs in access rights audit software
SolarWinds has fixed eight critical vulnerabilities in its Access Rights Manager (ARM) software, six of which allowed attackers to gain remote code execution (RCE) on vulnerable devices.
- July 18, 2024
- 11:51 AM
- 0
-
Cisco SSM On-Prem bug lets hackers change any user's password
Cisco has fixed a maximum severity vulnerability that allows attackers to change any user's password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators.
- July 17, 2024
- 01:31 PM
- 0
-
CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks
CISA is warning that a critical GeoServer GeoTools remote code execution flaw tracked as CVE-2024-36401 is being actively exploited in attacks.
- July 16, 2024
- 06:14 PM
- 0
-
Hackers use PoC exploits in attacks 22 minutes after release
Threat actors are quick to weaponize available proof-of-concept (PoC) exploits in actual attacks, sometimes as quickly as 22 minutes after exploits are made publicly available.
- July 13, 2024
- 11:16 AM
- 1
-
Critical Exim bug bypasses security filters on 1.5 million mail servers
Censys warns that over 1.5 million Exim mail transfer agent (MTA) instances are unpatched against a critical vulnerability that lets threat actors bypass security filters.
- July 12, 2024
- 04:48 PM
- 0
-
GitLab: Critical bug lets attackers run pipelines as other users
GitLab warned today that a critical vulnerability in its product's GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user.
- July 10, 2024
- 04:08 PM
- 0
-
CISA urges devs to weed out OS command injection vulnerabilities
CISA and the FBI urged software companies on Wednesday to review their products and eliminate path OS command injection vulnerabilities before shipping.
- July 10, 2024
- 02:02 PM
- 0
-
Windows MSHTML zero-day used in malware attacks for over a year
Microsoft fixed a Windows zero-day vulnerability that has been actively exploited in attacks for eighteen months to launch malicious scripts while bypassing built-in security features.
- July 10, 2024
- 12:04 PM
- 5
-
Windows 10 KB5040427 update released with Copilot changes, 12 other fixes
Microsoft has released the KB5040427 cumulative update for Windows 10 21H2 and Windows 10 22H2 with 13 changes, including Microsoft Copilot now behaving like an app, providing more flexibility on how it is displayed.
- July 09, 2024
- 02:11 PM
- 0
-
Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days
Today is Microsoft's July 2024 Patch Tuesday, which includes security updates for 142 flaws, including two actively exploited and two publicly disclosed zero-days.
- July 09, 2024
- 01:52 PM
- 1
-
Hackers target WordPress calendar plugin used by 150,000 sites
Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely.
- July 09, 2024
- 01:21 PM
- 2
-
RCE bug in widely used Ghostscript library now exploited in attacks
A remote code execution vulnerability in the Ghostscript document conversion toolkit, widely used on Linux systems, is currently being exploited in attacks.
- July 08, 2024
- 12:26 PM
- 1
-
New regreSSHion OpenSSH RCE bug gives root on Linux servers
A new OpenSSH unauthenticated remote code execution (RCE) vulnerability dubbed "regreSSHion" gives root privileges on glibc-based Linux systems.
- July 01, 2024
- 09:37 AM
- 6
-
Juniper releases out-of-cycle fix for max severity auth bypass flaw
Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products.
- June 30, 2024
- 11:14 AM
- 0
-
Dev rejects CVE severity, makes his GitHub repo read-only
The popular open source project, 'ip' had its GitHub repository archived, or made "read-only" by its developer as a result of a dubious CVE report filed for his project. Unfortunately, open-source developers have recently been met with an uptick in debatable or outright bogus CVEs filed for their projects.
- June 30, 2024
- 10:31 AM
- 5
-
Critical GitLab bug lets attackers run pipelines as any user
A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines as any user.
- June 27, 2024
- 10:53 AM
- 0
-
CISA: Most critical open source projects not using memory safe code
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published research looking into 172 key open-source projects and whether they are susceptible to memory flaws.
- June 26, 2024
- 01:56 PM
- 6
0
