CVE-2024-1724: Snap Sandbox Escape Vulnerability Threatens Linux Systems
In a recent security disclosure, security researcher McPhail has identified a critical vulnerability in Snap, a popular package manager for Ubuntu and other Linux distributions. The vulnerability,...
Linux Flaw: CVE-2024-1085 PoC Exploit Exposes Privilege Escalation Risk
A security researcher has published proof-of-concept (PoC) exploit code targeting a high-severity CVE-2024-1085 vulnerability in the Linux kernel. The vulnerability, residing in the Netfilter...
Multiple Vulnerabilities in Apache HTTP Server Demand Immediate Action
The Apache Software Foundation has issued an urgent security advisory, disclosing multiple vulnerabilities in its widely used Apache HTTP Server. These flaws range from denial-of-service (DoS) attacks...
Android’s July 2024 Security Patches Fix Critical Vulnerability
On Monday, Google released the July 2024 security patches for the Android operating system, which address several critical vulnerabilities, including one affecting the Framework component. A total of...
CVE-2024-6172: Critical Flaw in Icegram Express Plugin Threatens 90,000+...
A severe vulnerability has been discovered in Icegram Express, a widely used WordPress plugin for email marketing and newsletters. The flaw, designated CVE-2024-6172, has been assigned a near-maximum...
ProxyLogon & ProxyShell Vulnerabilities Back: Gov’t Emails Breached
Nearly three years after the notorious ProxyLogon and ProxyShell vulnerabilities caused widespread havoc on Microsoft Exchange servers, these vulnerabilities have resurfaced with new targets. The Hunt...
CVE-2024-36401 (CVSS 9.8): Urgent Patch Needed for GeoServer RCE Vulnerability
A severe security flaw, CVE-2024-36401 (CVSS 9.8), has been discovered in GeoServer, a widely-used open-source software platform for managing and sharing geospatial data. This vulnerability could...
CVE-2024-21586: Juniper SRX Vulnerability Leaves Networks Open to Attack
Juniper Networks, a leading provider of networking solutions, has issued a critical security advisory warning users of a high-severity vulnerability affecting their SRX Series firewalls. This...
Unpatched Gogs Vulnerabilities: A Ticking Time Bomb for Source Code
SonarSource, a leading code security firm, has uncovered four unpatched vulnerabilities in Gogs, a popular open-source self-hosted Git service. With over 44,000 stars on GitHub and more than 90 million...
The Hidden Danger of PDF Files with Embedded QR Codes, Researchers Warn
SonicWall Capture Labs, the threat research arm of cybersecurity firm SonicWall, has issued a warning regarding a new phishing technique exploiting the widespread use of QR codes. The team has observed...
CVE-2024-37726: MSI Center Flaw Exposes Windows Systems to Privilege...
Recently, a critical local privilege escalation vulnerability has been identified in MSI Center, a popular system management application for Windows OS. Tracked as CVE-2024-37726, this vulnerability...
Urgent Security Alert: HFS Servers Under Attack, Patch Now!
The AhnLab Security Intelligence Center (ASEC) has issued a critical warning for all users of HTTP File Server (HFS): a recently disclosed remote code execution vulnerability (CVE-2024-23692) is...
SnailLoad (CVE-2024-39920): New Side-Channel Attack Exposes Your Web Activity
Security researchers from Graz University of Technology have unveiled a novel cybersecurity threat dubbed “SnailLoad” (CVE-2024-39920). This side-channel attack exploits a vulnerability in the...
Mallox Ransomware Goes Cross-Platform: New Linux Variant Discovered,...
The notorious Mallox ransomware gang, known for their aggressive multi-extortion tactics, has expanded their arsenal with a new Linux variant. This marks a significant shift for the group, which...
CVE-2024-32498: Critical OpenStack Flaw Exposes Cloud Data to Attackers
The OpenStack Foundation has issued an urgent security advisory, disclosing a critical vulnerability (CVE-2024-32498, CVSS 8.8) affecting multiple core components of its cloud infrastructure platform....
Mekotio Banking Trojan Resurges, Targeting Latin American Financial Systems
A new wave of cyberattacks utilizing the sophisticated Mekotio banking trojan is raising alarms across Latin America, according to a recent report by Trend Micro Research. The malware, active since...
Logsign Unified SecOps Platform Urgent Update Addresses Critical RCE...
Two critical vulnerabilities have been identified in the Logsign Unified SecOps Platform, a comprehensive software solution for security operations. These vulnerabilities, CVE-2024-5716 and...
Unit 42 Research Exposes GootLoader’s Sophisticated Sandbox Evasion Tactics
Palo Alto Networks’ Unit 42 threat intelligence team has published a comprehensive analysis detailing the advanced evasion techniques employed by GootLoader, a pervasive malware known for its role in...
CVE-2024-38513 (CVSS 9.8): Critical Security Flaw in Popular Go Web...
A high-severity vulnerability (CVE-2024-38513) has been discovered in Fiber, a widely-used web framework for the Go programming language. This flaw allows attackers to hijack user sessions, potentially...
Widespread Supply Chain Attack on NPM: Trojanized jQuery Discovered
A sophisticated and persistent supply chain attack targeting the popular JavaScript library jQuery has been uncovered by cybersecurity researchers at Phylum. The attack, which has been active since...