Fabasoft Tackles PDF.js Vulnerability (CVE-2024-4367), Safeguarding...
Fabasoft, a leading provider of document management and enterprise search solutions, has released security advisories addressing a high-severity vulnerability (CVE-2024-4367) in the widely used PDF.js...
Malicious NuGet Campaign Exploits Homoglyphs and Code Injection to Fool...
ReversingLabs, a leading software supply chain security firm, has uncovered a sophisticated malicious campaign targeting the NuGet package manager, a widely-used platform for distributing .NET software...
Mitel Issues Critical Security Advisory for PHP Argument Injection Vulnerability
Mitel, a global leader in business communications solutions, has issued two critical security advisories warning users of a severe vulnerability in the PHP scripting engine. The vulnerability,...
Netgear Patches Multiple Vulnerabilities in CAX30, XR1000, and R7000 Routers
Netgear, a leading provider of networking hardware, has issued a security advisory urging users to update the firmware on several of its popular product models. The advisory addresses a range of...
MSI’s Massive Security Breach: 600K+ Warranties Exposed
Earlier, motherboard manufacturer Zotac was found to have leaked a significant amount of detailed customer information due to a failure to configure server permissions properly. This oversight allowed...
Supermicro Motherboards Vulnerable to Critical RCE Flaw (CVE-2024-36435)
Supermicro Computer, a leading provider of server and motherboard solutions, has disclosed a critical security vulnerability (CVE-2024-36435) that could expose a wide range of its products to remote...
Critical Vulnerabilities Patched in SonicWall SMA100, PoC Published
In a recent vulnerability analysis by SSD Secure Disclosure, critical security flaws were discovered in the SonicWall SMA100 series. Discovered by SeongJoon Cho of SSD Labs Korea, these...
Squarespace Customers Targeted in Domain Hijacking Campaign
Squarespace, a popular website building and hosting platform, has recently issued a security advisory warning its customers of an ongoing domain hijacking campaign. The attacks, which began around July...
Alphabet to Acquire Cybersecurity Powerhouse Wiz for $23 Billion
Alphabet, Google’s parent company, plans to acquire the cybersecurity startup Wiz for $23 billion, with the deal potentially concluding soon. Founded in January 2020 and headquartered in New York, Wiz...
CVE-2024-6744: Cellopoint Secure Email Gateway Flaw Exposes Organizations to...
In a recent advisory issued by the Taiwan Computer Emergency Response Team/Coordination Center (TWCERT/CC), a severe security flaw has been identified in the Cellopoint Secure Email Gateway (SEG), a...
Urgent Zero-Day Vulnerability Discovered in Alibaba’s Nacos Platform, PoC...
A critical zero-day vulnerability has been identified in Alibaba’s Nacos platform, a widely used open-source tool for dynamic service discovery and configuration management. This discovery, disclosed...
CVE-2024-36401 (CVSS 9.8): Critical GeoServer Flaw Under Active Attack, PoC...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical vulnerability in OSGeo GeoServer GeoTools, a widely-used open-source software server...
Cybercriminals Escalate Attacks with Sophisticated HR-themed Phishing Scam
A new, insidious phishing scam targeting employees’ Microsoft credentials has been unveiled by cybersecurity experts at Cofense. The scam, which masquerades as an official communication from a...
Security Vulnerabilities in Apache Linkis Expose Systems to Arbitrary File...
Apache Linkis, a popular computation middleware used to connect applications with data engines, has released security patches to address three vulnerabilities in its DataSource module. These...
Jellyfish Loader: Stealthy .NET Malware Raises Cybersecurity Concerns
Recently, researchers at Cyble Research and Intelligence Labs (CRIL) uncovered a new threat in the form of a .NET-based shellcode loader dubbed “Jellyfish Loader.” CRIL indicates that this malicious...
Critical Magento Flaw Exploited: CosmicSting (CVE-2024-34102) Strikes Global...
A critical vulnerability known as CosmicSting (CVE-2024-34102), previously identified as a severe threat to Adobe Commerce and Magento stores, is now actively being exploited in the wild. New findings...
CVE-2024-1086: Linux Kernel Vulnerability Impacts Numerous Moxa Products
A high-severity vulnerability in the Linux kernel has been found to affect a wide range of Moxa industrial networking and computing products. The vulnerability, identified as CVE-2024-1086 (CVSS 7.8),...
Security Flaw CVE-2024-6345 in Setuptools Exposes Python Projects to RCE
A severe security vulnerability has been identified in Setuptools, a widely-used library for packaging, distributing, and installing Python projects. This flaw, designated CVE-2024-6345 with a CVSS...
CVE-2024-6695 (CVSS 9.8) in Popular WordPress Plugin Exposes 50,000 Sites to...
Security researcher John Castro has uncovered a critical vulnerability (CVE-2024-6695) in Profile Builder, a widely used WordPress plugin with over 50,000 active installations. This flaw, rated 9.8 on...
Malicious AWS Packages Deliver Malware Through JPEGs
The Phylum Research Team recently uncovered a sophisticated cyberattack targeting developers using the npm package registry. On July 13th, 2024, researchers identified two seemingly legitimate...