Critical Security Update Needed for baramundi Management Suite
baramundi software GmbH has issued a critical security advisory regarding vulnerabilities discovered in their widely-used IT management solution, baramundi Management Suite (bMS). These...

JPCERT/CC Warns: MirrorFace LODEINFO & NOOPDOOR Malware Targeting Industry
JPCERT Coordination Center (JPCERT/CC) has released a comprehensive report detailing ongoing cyberattacks by the notorious MirrorFace LODEINFO and NOOPDOOR malware against Japanese organizations....

Active Exploits Targeting Apache HugeGraph Flaw (CVE-2024-27348): PoC Code...
A remote code execution (RCE) vulnerability, tracked as CVE-2024-27348, is currently under active exploitation in the wild, targeting Apache HugeGraph-Server deployments. This discovery comes from the...

Atlassian Fixes CVE-2024-21687 & CVE-2024-21686 Vulnerabilities in Bamboo and...
In a recent security advisory, Atlassian, a renowned software company known for its collaboration and productivity tools, has disclosed two high-severity vulnerabilities affecting its widely used...

CVE-2024-6457 (CVSS 9.8): Critical Flaw in HUSKY Plugin Threatens 100K+...
A critical vulnerability has been discovered in the widely-used WordPress plugin, HUSKY – Products Filter Professional for WooCommerce. This security flaw, tracked as CVE-2024-6457 with a CVSS score of...

CVE-2024-39877: Apache Airflow Security Update Addresses Code Execution...
Apache Airflow, the popular open-source workflow management platform, has released a security update to address a potentially severe code execution vulnerability (CVE-2024-39877) affecting versions...

GitLab Explores Sale, Sparks Bidding War Among Tech Giants
Reports indicate that GitLab is in discussions with investment bankers regarding a potential sale, attracting interest from industry peers like Datadog. However, reaching a definitive agreement may...

Ivanti Patches SQLi Vulnerability (CVE-2024-37381) in Endpoint Management...
Ivanti, a prominent provider of endpoint management solutions, has promptly addressed a SQL Injection vulnerability in its Endpoint Management (EPM) software. This vulnerability, designated as...

SolarWinds Patches Multiple Critical Vulnerabilities in Access Rights Manager
SolarWinds, a leading provider of IT management software, has issued an urgent security advisory regarding multiple critical vulnerabilities discovered in its Access Rights Manager (ARM) product. These...

CISA Adds Three New Vulnerabilities to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning, adding three actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog....

Critical Security Flaw in Cisco Secure Email Gateway: CVE-2024-20401
Cisco has issued an urgent security advisory regarding a critical vulnerability (CVE-2024-20401) found in its Secure Email Gateway product. This flaw, with a CVSS score of 9.8, could allow attackers to...

NullBulge: The Cybercriminal Group Targeting AI and Gaming Communities with...
A new threat actor group, NullBulge, has emerged with a captivating narrative: hacktivists fighting against AI’s encroachment on the art world. But beneath this veneer of activism lies a more complex...

CVE-2024-20419 (CVSS 10): Critical Flaw in Cisco Smart Software Manager Opens...
Cisco has issued an urgent security alert regarding a critical vulnerability (CVE-2024-20419) discovered in its Smart Software Manager (SSM) On-Prem and Satellite products. This vulnerability, with the...

TAG-100’s Global Espionage Campaign: Exploiting Open-Source Tools
A newly identified cyberespionage group, dubbed TAG-100 by cybersecurity firm Recorded Future, has been linked to a series of sophisticated attacks targeting high-profile government, intergovernmental,...

Multiple Critical Vulnerabilities Discovered in FutureNet Networking Devices
A series of critical vulnerabilities have been identified in FutureNet’s NXR, VXR, and WXR series networking devices, leaving thousands of users potentially exposed to cyberattacks. The Japan Computer...

New Android Malware “BadPack” Evades Security Analysis, Researchers Warn
Cybersecurity researchers from Palo Alto Networks’ Unit 42 have identified a novel Android malware variant dubbed “BadPack,” which utilizes a sophisticated evasion technique to bypass traditional...

SAP AI Core’s Critical “SAPwned” Flaws Raise Supply Chain Attack Concerns
Cybersecurity researchers at Wiz have uncovered a series of critical vulnerabilities in SAP AI Core, a service designed to develop and deploy AI models. These flaws, collectively dubbed “SAPwned,”...

CVE-2024-40725 & CVE-2024-40898: Apache HTTP Server Flaws Put Millions of...
The Apache Software Foundation has issued a security advisory regarding two critical vulnerabilities, CVE-2024-40725 and CVE-2024-40898, affecting Apache HTTP Server versions 2.4.0 through 2.4.61....

New Research Exposes VPN Vulnerability: Port Shadow Attacks Undermine User...
A new study presented at the Privacy Enhancing Technologies Symposium (PETS) 2024 has revealed a vulnerability in popular VPN protocols like OpenVPN and WireGuard. This flaw, dubbed “port shadow,”...

Cryptocurrency Traders Beware: New Malware Exploits RDPWrapper and Tailscale
Cyble Research and Intelligence Labs (CRIL) has uncovered a sophisticated cyberattack campaign targeting cryptocurrency users. This multi-stage attack utilizes a combination of phishing emails,...