Apache HTTP Server Update Patches Critical Source Code Disclosure Flaw...
Recently, the Apache Software Foundation has rushed to release Apache HTTP Server version 2.4.61, a crucial update that addresses a severe source code disclosure vulnerability (CVE-2024-39884). This...
View ArticleCVE-2024-39943 (CVSS 9.9): Critical Vulnerability in HTTP File Server Exposes...
A critical vulnerability has been identified in HFS (HTTP File Server), a popular file-sharing software used to send and receive files over HTTP. The vulnerability, tracked as CVE-2024-39943, poses a...
View ArticleCloudflare’s 1.1.1.1 DNS Service Disrupted by BGP Hijacking and Route Leak
On June 27, 2024, Cloudflare’s popular 1.1.1.1 public DNS resolver service experienced disruptions, leaving a small percentage of users worldwide unable to access the service or facing significant...
View ArticleCVE-2024-6376 (CVSS 9.8) in MongoDB Compass Exposes Systems to Code Injection...
A recent discovery has unveiled a critical security vulnerability in MongoDB Compass, a widely-used graphical user interface (GUI) for querying, aggregating, and analyzing MongoDB data. This tool,...
View ArticleCVE-2024-36041: KDE Plasma Flaw Opens Door to Unauthorized System Access
The KDE development team has issued a critical security advisory warning users of a high-severity vulnerability (CVE-2024-36041) affecting the KSmserver component in the Plasma desktop environment....
View ArticleMisconfigured Jenkins Servers Targeted in Cryptojacking Attacks
Trend Micro, a global leader in cybersecurity, has issued a warning about a recent wave of attacks targeting misconfigured Jenkins servers. Cybercriminals are exploiting vulnerabilities in the Jenkins...
View ArticleKimsuky Group’s New Backdoor, HappyDoor, Raises Cybersecurity Concerns
The AhnLab Security Intelligence Center (ASEC) has issued a warning about a new backdoor malware called HappyDoor, linked to the Kimsuky group, a North Korean state-sponsored threat actor. HappyDoor is...
View ArticleABB Warns of Critical ASPECT System Vulnerabilities: CVE-2024-6209 and...
ABB, a global leader in electrification and automation technologies, has released a critical cybersecurity advisory concerning vulnerabilities in its ASPECT energy management systems. These...
View ArticleCybercriminals Escalate Attacks Exploiting Microsoft SmartScreen Flaw...
A concerning report from Cyble Research and Intelligence Labs (CRIL) has revealed a surge in cyberattacks exploiting the patched Microsoft Defender SmartScreen vulnerability (CVE-2024-21412). This...
View ArticleVolcano Demon: New Ransomware Gang Targets Windows & Linux
Halcyon’s research team has identified a new ransomware group dubbed “Volcano Demon,” responsible for a series of recent attacks. The group’s ransomware, LukaLocker, encrypts files with the .nba...
View ArticleCVE-2024-39349 (CVSS 9.8): Critical Vulnerability in Synology Surveillance...
Recently, Synology, a leading network-attached storage (NAS) and surveillance solution provider, has updated its security advisory to detail multiple vulnerabilities in its BC500 and TC500 camera...
View ArticleCisco Confirms Critical OpenSSH regreSSHion (CVE-2024-6387) Flaw in Multiple...
Cisco has issued a critical security advisory, warning users of a high-severity vulnerability (CVE-2024-6387) codenamed “regreSSHion” that affects the OpenSSH server component in various Cisco products...
View ArticleZOTAC Security Breach Exposes Customer Data in Google Search
In a recent revelation, hardware manufacturer ZOTAC faced a significant security lapse that compromised sensitive customer information. Due to inadequate security policies within its after-sales...
View ArticleAvast Cracks DoNex Ransomware, Offering the Decryptor
Researchers from Avast have uncovered a critical flaw in the cryptographic schema of the notorious DoNex ransomware and its predecessors. This discovery has enabled Avast, in cooperation with law...
View ArticleHackers are Actively Exploiting CVE-2024-5441 Flaw, 150,000 Sites at Risk
A severe vulnerability (CVE-2024-5441) has been discovered in the widely used WordPress plugin Modern Events Calendar, leaving over 150,000 websites exposed to potential remote code execution attacks....
View ArticleTurla APT Group Unleashes Sophisticated Fileless Backdoor via Compromised Site
A new campaign attributed to the notorious Turla APT group is exploiting a compromised website of the Philippine Daily Inquirer to deliver a fileless backdoor, as reported by G DATA Security Lab. This...
View ArticleCritical Security Advisory for Apache CloudStack: CVE-2024-38346 and...
The Apache Software Foundation has issued an urgent security advisory, disclosing two critical vulnerabilities (CVE-2024-38346 and CVE-2024-39864) affecting the widely used open-source cloud computing...
View ArticleCVE-2024-36138: High-Severity Vulnerability in Node.js Allows Code Execution...
The Node.js Project has released a security update to address multiple vulnerabilities, including a high-severity flaw that could allow attackers to bypass security measures and execute arbitrary code....
View ArticleVMware vCenter Server RCE (CVE-2024-22274): PoC Exposes Systems to Remote...
A proof-of-concept (PoC) exploit has been released, targeting a recently patched high-severity vulnerability (CVE-2024-22274) in the VMware vCenter Server. With a CVSS score of 7.2, the flaw allows...
View ArticleCVE-2024-6409: New Remote Code Execution Vulnerability in OpenSSH
A newly discovered vulnerability in OpenSSH, tracked as CVE-2024-6409, has been found to expose systems to potential remote code execution (RCE) due to a race condition in signal handling. This...
View Article