Researchers Detail Code Execution Vulnerability in Popular PDF Viewer, PDF.js
Security researchers from Codean Labs published the technical details and a proof-of-concept (PoC) exploit code for a high-severity CVE-2024-4367 vulnerability that has been discovered in PDF.js, a...
View ArticleInvisible Miners: Unveiling GHOSTENGINE’s Crypto Mining Operations
Elastic Security Labs has shed light on a complex and insidious crypto-mining operation codenamed REF4578, with its core payload, GHOSTENGINE, exhibiting an alarming degree of sophistication in evading...
View ArticleVoid Manticore: Iranian State-Sponsored Cyber Warfare Exposed
In the complex and rapidly evolving world of cybersecurity, state-sponsored threat actors continue to push the boundaries of their capabilities, posing significant threats to national security and...
View ArticleUnauthenticated RCE Flaw in Fortinet FortiSIEM: Researchers Publishes PoC for...
Cybersecurity researchers at Horizon3.ai published the technical details and a proof-of-concept (PoC) for a critical unauthenticated remote code execution (RCE) vulnerability (CVE-2023-34992) that has...
View ArticleCybercriminals Leverage Docusign Phishing Templates in Sophisticated Attacks
Abnormal Security, a leading cybersecurity firm, has issued a warning regarding a significant increase in Docusign-themed phishing attacks. The firm’s research reveals that cybercriminals are...
View ArticleCVE-2024-29849 (CVSS 9.8): Veeam’s Backup Nightmare, Full System Access Exposed
Veeam Software, a leading provider of backup and recovery solutions, has issued urgent security advisories regarding multiple critical vulnerabilities in its Veeam Backup Enterprise Manager (Enterprise...
View ArticleTurla APT Suspected in “Tiny BackDoor” Campaign Leveraging MSBuild to Evade...
Cyble Research and Intelligence Labs (CRIL) has identified a sophisticated campaign employing a tiny, stealthy backdoor, now suspected to be the work of the infamous Turla APT group. The campaign uses...
View ArticleMultiple Critical Vulnerabilities Discovered in Ivanti Endpoint Manager
Ivanti, a prominent provider of IT management and security solutions, has issued urgent security advisories warning of multiple critical vulnerabilities within its Endpoint Manager (EPM) product. These...
View ArticleBroadcom Security Alert: VMware Vulnerabilities Expose Data, Enable Attacks
Broadcom has issued an important security advisory detailing several vulnerabilities discovered in various VMware products. These vulnerabilities, if exploited, could lead to severe security breaches,...
View ArticleCVE-2024-21683: Atlassian Patches RCE Flaw in Confluence Data Center and Server
Atlassian, a leading provider of collaboration and productivity software, has urgently addressed a remote code execution (RCE) vulnerability in its Confluence Data Center and Server products. Tracked...
View ArticleCVE-2024-31989: Critical Argo CD Flaw Exposes Kubernetes Clusters to Takeover
Argo CD, a popular GitOps continuous delivery tool for Kubernetes, has disclosed a critical security vulnerability (CVE-2024-31989, CVSS 9.1) that could allow attackers to seize control of Kubernetes...
View ArticleNew Information Stealer “SamsStealer” Emerges, Threatening Windows Users
CYFIRMA, a leader in cybersecurity research, has recently unveiled a troubling new threat in the form of an information-stealing malware named “SamsStealer.” This malware, a 32-bit Windows executable...
View ArticleWinRAR Update Patches Text Vulnerability (CVE-2024-33899, CVE-2024-36052)
Security researcher Siddharth Dushantha has uncovered a vulnerability in WinRAR, the popular file compression software, that could be exploited to deceive users or even cause system crashes. The...
View ArticleCVE-2024-4835: GitLab Fixes Account Takeover Vulnerability
GitLab, the popular web-based DevOps platform, has released urgent security patches to address multiple critical vulnerabilities affecting various versions of its Community Edition (CE) and Enterprise...
View ArticleFinancially Motivated Hackers UAC-0006 Resurface with New Attacks Targeting...
Ukraine’s Computer Emergency Response Team (CERT-UA) has issued an urgent warning regarding the reemergence of the financially motivated cybercriminal group UAC-0006. After a period of relative...
View ArticlePoC Releases for Unauthorized RCE Flaw (CVE-2024-29269) Threatens 40K+...
Recently, a significant security flaw has been discovered in the Telesquare TLR-2005KSH LTE routers. These routers, widely used in South Korea and produced by the Telesquare company, have been found to...
View ArticleWestermo EDW-100 Converter Vulnerable: Critical Flaws Discovered, Replacement...
Westermo, a leading provider of industrial data communications equipment, has issued a security advisory highlighting critical vulnerabilities identified in its EDW-100 serial to Ethernet converters....
View ArticleSoftware Supply Chains Threatened: Nexus Repository CVE-2024-4956 Flaw Exposed
Sonatype, a leading provider of software supply chain management solutions, has issued a security advisory regarding a critical vulnerability (CVE-2024-4956) in Nexus Repository, its widely used...
View ArticleCVE-2024-20360: Cisco FMC Vulnerability Grants Hackers Root Access
Cisco, the global leader in networking solutions, has issued a security advisory regarding a vulnerability discovered in its Firepower Management Center (FMC) software. This flaw, identified as...
View ArticleCVE-2024-4978: Backdoor Discovered in Justice AV Solutions Courtroom Software
A critical vulnerability, designated CVE-2024-4978, has been discovered in Justice AV Solutions (JAVS) Viewer software, a widely used audio-visual recording solution for courtrooms and other legal...
View Article