-
LiteSpeed Cache WordPress plugin bug lets hackers get admin access
The free version of the popular WordPress plugin LiteSpeed Cache has fixed a dangerous privilege elevation flaw on its latest release that could allow unauthenticated site visitors to gain admin rights.
- October 31, 2024
- 12:19 PM
1
-
New Windows Driver Signature bypass allows kernel rootkit installs
Attackers can downgrade Windows kernel components to bypass security features such as Driver Signature Enforcement and deploy rootkits on fully patched systems.
- October 26, 2024
- 08:28 AM
1
-
Sponsored Content
Free shadow SaaS inventory + security insightsDiscover all SaaS accounts ever created by anyone in your org, in minutes, along with insights on security risks and spend. Save time, money and effort by curbing SaaS sprawl and automating tasks like offboarding and user access reviews. Free trial.
-
Cisco fixes root escalation vulnerability with public exploit code
Cisco has fixed a command injection vulnerability in the Identity Services Engine (ISE) with public exploit code that lets attackers escalate privileges to root on vulnerable systems.
- September 04, 2024
- 02:33 PM
- 1
-
Hackers are exploiting critical bug in LiteSpeed Cache plugin
Hackers have already started to exploit the critical severity vulnerability that affects LiteSpeed Cache, a WordPress plugin used for accelerating response times, a day after technical details become public.
- August 22, 2024
- 06:14 PM
- 1
-
Docker fixes critical 5-year old authentication bypass flaw
Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances.
- July 24, 2024
- 03:00 PM
- 0
-
Google patches exploited Android zero-day on Pixel devices
Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks as a zero-day.
- June 12, 2024
- 03:06 PM
- 3
-
Microsoft: APT28 hackers exploit Windows flaw reported by NSA
Microsoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg.
- April 22, 2024
- 01:22 PM
- 0
-
CrushFTP warns users to patch exploited zero-day “immediately”
CrushFTP warned customers today in a private memo of an actively exploited zero-day vulnerability fixed in new versions released today, urging them to patch their servers immediately.
- April 19, 2024
- 06:33 PM
- 0
-
Cisco discloses root escalation flaw with public exploit code
Cisco has released patches for a high-severity Integrated Management Controller (IMC) vulnerability with public exploit code that can let local attackers escalate privileges to root.
- April 17, 2024
- 01:25 PM
- 1
-
Windows Kernel bug fixed last month exploited as zero-day since August
Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day.
- March 02, 2024
- 10:09 AM
- 0
-
Over 28,500 Exchange servers vulnerable to actively exploited bug
Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical severity privilege escalation flaw tracked as CVE-2024-21410 that hackers are actively exploiting.
- February 19, 2024
- 01:46 PM
- 0
-
Microsoft: New critical Exchange bug exploited as zero-day
Microsoft warned today in an updated security advisory that a critical vulnerability in Exchange Server was exploited as a zero-day before being fixed during this month's Patch Tuesday.
- February 14, 2024
- 06:29 PM
- 1
-
Zoom patches critical privilege elevation flaw in Windows apps
The Zoom desktop and VDI clients and the Meeting SDK for Windows are vulnerable to an improper input validation flaw that could allow an unauthenticated attacker to conduct privilege escalation on the target system over the network.
- February 14, 2024
- 03:32 PM
- 0
-
New Linux glibc flaw lets attackers get root on major distros
Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc).
- January 30, 2024
- 06:06 PM
- 4
-
CISA: Critical Microsoft SharePoint bug now actively exploited
CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution.
- January 12, 2024
- 02:24 PM
- 0
-
CISA orders federal agencies to patch Looney Tunables Linux bug
Today, CISA ordered U.S. federal agencies to secure their systems against an actively exploited vulnerability that lets attackers gain root privileges on many major Linux distributions.
- November 21, 2023
- 12:56 PM
- 3
-
New Reptar CPU flaw impacts Intel desktop and server systems
Intel has fixed a high-severity CPU vulnerability in its modern desktop, server, mobile, and embedded CPUs, including the latest Alder Lake, Raptor Lake, and Sapphire Rapids microarchitectures.
- November 14, 2023
- 06:15 PM
- 1
-
New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs
A new software-based fault injection attack, CacheWarp, can let threat actors hack into AMD SEV-protected virtual machines by targeting memory writes to escalate privileges and gain remote code execution.
- November 14, 2023
- 03:34 PM
- 2
-
Microsoft Exchange gets ‘better’ patch to mitigate critical bug
The Exchange Team asked admins to deploy a new and "better" patch for a critical Microsoft Exchange Server vulnerability initially addressed in August.
- October 10, 2023
- 04:03 PM
- 0
-
Exploits released for Linux flaw giving root on major distros
Proof-of-concept exploits have already surfaced online for a high-severity flaw in GNU C Library's dynamic loader, allowing local attackers to gain root privileges on major Linux distributions.
- October 05, 2023
- 03:44 PM
- 0
