-
D-Link won’t fix critical bug in 60,000 exposed EoL modems
Tens of thousands of exposed D-Link routers that have reached their end-of-life are vulnerable to a critical security issue that allows an unauthenticated remote attacker to change any user's password and take complete control of the device.
- November 12, 2024
- 03:31 PM
3
-
Ivanti warns of another critical CSA flaw exploited in attacks
Today, Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers.
- September 19, 2024
- 02:39 PM
0
-
Sponsored Content
Free shadow SaaS inventory + security insightsDiscover all SaaS accounts ever created by anyone in your org, in minutes, along with insights on security risks and spend. Save time, money and effort by curbing SaaS sprawl and automating tasks like offboarding and user access reviews. Free trial.
-
Critical Cisco bug lets hackers add root users on SEG devices
Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments.
- July 18, 2024
- 08:48 AM
- 0
-
Hackers exploit critical D-Link DIR-859 router flaw to steal passwords
Hackers are exploiting a critical vulnerability that affects all D-Link DIR-859 WiFi routers to collect account information from the device, including passwords.
- June 29, 2024
- 11:18 AM
- 2
-
SolarWinds Serv-U path traversal flaw actively exploited in attacks
Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability, leveraging publicly available proof-of-concept (PoC) exploits.
- June 20, 2024
- 11:45 AM
- 0
-
CISA urges software devs to weed out path traversal vulnerabilities
CISA and the FBI urged software companies today to review their products and eliminate path traversal security vulnerabilities before shipping.
- May 02, 2024
- 03:38 PM
- 0
-
Hackers exploit Aiohttp bug to find vulnerable networks
The ransomware actor 'ShadowSyndicate' was observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aiohttp Python library.
- March 16, 2024
- 10:17 AM
- 0
-
ScreenConnect critical bug now under attack as exploit code emerges
Both technical details and proof-of-concept exploits are available for the two vulnerabilities ConnectWise disclosed earlier this week for ScreenConnect, its remote desktop and access software.
- February 21, 2024
- 12:18 PM
- 1
-
Microsoft: SysAid zero-day flaw exploited in Clop ransomware attacks
Threat actors are exploiting a zero-day vulnerability in the service management software SysAid to gain access to corporate servers for data theft and to deploy Clop ransomware.
- November 09, 2023
- 09:28 AM
- 2
-
Over 3,000 Openfire servers vulnerable to takover attacks
Thousands of Openfire servers remain vulnerable to CVE-2023-32315, an actively exploited and path traversal vulnerability that allows an unauthenticated user to create new admin accounts.
- August 23, 2023
- 03:36 PM
- 0
-
GitLab 'strongly recommends' patching max severity flaw ASAP
GitLab has released an emergency security update, version 16.0.1, to address a maximum severity (CVSS v3.1 score: 10.0) path traversal flaw tracked as CVE-2023-2825.
- May 24, 2023
- 03:25 PM
- 0
-
Fortinet: New FortiOS bug used as zero-day to attack govt networks
Unknown attackers used zero-day exploits to abuse a new FortiOS bug patched this month in attacks targeting government and large organizations that have led to OS and file corruption and data loss.
- March 13, 2023
- 06:38 PM
- 0
-
Unpatched 15-year old Python bug allows code execution in 350k projects
A vulnerability in the Python programming language that has been overlooked for 15 years is now back in the spotlight as it likely affects more than 350,000 open-source repositories and can lead to code execution.
- September 21, 2022
- 12:45 PM
- 0
-
CISA warns of Windows and UnRAR flaws exploited in the wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two more flaws to its catalog of Known Exploited Vulnerabilities, based on evidence of active exploitation.
- August 09, 2022
- 07:07 PM
- 0
-
Western Digital app bug gives elevated privileges in Windows, macOS
Western Digital's EdgeRover desktop app for both Windows and Mac are vulnerable to local privilege escalation and sandboxing escape bugs that could allow the disclosure of sensitive information or denial of service (DoS) attacks.
- March 20, 2022
- 10:11 AM
- 0
-
Grafana fixes zero-day vulnerability after exploits spread over Twitter
Open-source analytics and interactive visualization solution Grafana received an emergency update today to fix a high-severity, zero-day vulnerability that enabled remote access to local files.
- December 07, 2021
- 05:46 PM
- 1
-
Apache emergency update fixes incomplete patch for exploited bug
Apache Software Foundation has released HTTP Web Server 2.4.51 after researchers discovered that a previous security update didn't correctly fix an actively exploited vulnerability.
- October 07, 2021
- 04:35 PM
- 1
-
Actively exploited Apache 0-day also allows remote code execution
Proof-of-Concept (PoC) exploits for the Apache web server zero-day surfaced on the internet revealing that the vulnerability is far more critical than originally disclosed. These exploits show that the scope of the vulnerability transcends path traversal, allowing attackers remote code execution (RCE) abilities.
- October 06, 2021
- 11:29 AM
- 1
-
Critical Cloudflare CDN flaw allowed compromise of 12% of all sites
Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet. CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN.
- July 16, 2021
- 06:29 AM
- 0
-
Heavily used Node.js package has a code injection vulnerability
The heavily downloaded Node.js library "systeminformation" has a severe command injection vulnerability tracked as CVE-2021-21315.
- February 24, 2021
- 06:37 AM
- 0
- 1
- 2
