CISA Alerts on Active Exploitation of Flaws in ImageMagick, Linux Kernel, and...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning, adding three actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The agency’s...
View ArticleNGINX Open Source Makes the Jump to GitHub, Boosting Collaboration and...
In a significant shift for the open-source community, NGINX, the widely popular reverse proxy server, has announced the migration of its open-source development repository from Mercurial to GitHub....
View ArticleSiemens Issues Critical Security Advisory for User Management Component (UMC)...
Siemens, a global industrial automation giant, has disclosed a critical heap-based buffer overflow vulnerability in its User Management Component (UMC). The vulnerability, identified as CVE-2024-33698...
View ArticleIvanti Issues Patch for Critical Vulnerabilities in Endpoint Manager,...
Ivanti has released a series of critical updates for its widely used Ivanti Endpoint Manager (EPM), addressing several vulnerabilities that pose significant security risks to organizations. The most...
View ArticleQuad7 Operators Unveil New Moves with Advanced HTTP Reverse Shells and Botnet...
In a recent report from Sekoia TDR, the Quad7 botnet operators—already known for leveraging compromised routers to relay attacks—are demonstrating an evolving arsenal of techniques and tools aimed at...
View ArticleCVE-2024-8517: Critical SPIP Flaw Leaves Websites Vulnerable to Remote...
The popular open-source content management system (CMS), SPIP, is facing a critical security vulnerability that could allow unauthenticated attackers to execute malicious code on affected servers. The...
View ArticleEarth Preta’s Cyber Arsenal Expands: New Malware and Strategies Target APAC...
A new report from Trend Micro has revealed that Earth Preta, the notorious cyber espionage group, has significantly evolved its tactics and malware arsenal, posing a heightened threat to government......
View ArticleCVE-2024-42500 (CVSS 9.3): Critical HPE HP-UX Vulnerability Demands Immediate...
A critical vulnerability has been discovered in HPE HP-UX’s Network File System (NFSv4), leaving systems open to potential denial-of-service (DoS) attacks. This vulnerability, tracked as CVE-2024-42500...
View ArticleMicrosoft’s September Patch Tuesday: A Patchwork of Urgency with 4 Zero-Days...
This September’s edition of Microsoft’s Patch Tuesday addresses 79 vulnerabilities, including 6 critical and 71 important severity issues. Among these, four zero-day vulnerabilities were actively...
View ArticleCybercriminals Exploit Legitimate Windows Tool for Cryptojacking
The AhnLab Security Intelligence Center (ASEC) has uncovered a concerning trend in cybercrime involving the misuse of Binary Managed Object Files (BMOFs) for the distribution of XMRig, a notorious...
View ArticleCVE-2024-6596 (CVSS 9.8): Critical Code Injection Flaw Found in...
CERT@VDE coordinated with Endress+Hauser, a well-known leader in industrial automation and instrumentation, has issued a security advisory for a critical vulnerability (CVE-2024-6596) affecting several...
View ArticleCVE-2024-45411: Twig Sandbox Bypass Vulnerability Puts PHP Applications at Risk
A critical security vulnerability has been discovered in Twig, a widely used PHP template engine, potentially allowing attackers to bypass sandbox restrictions and execute malicious code. The...
View ArticleCVE-2024-45032 (CVSS 10): Siemens Issues Critical Security Patch for...
Siemens has released a critical security advisory for its Industrial Edge Management platform, warning of an Authorization Bypass vulnerability that could have serious implications for industrial...
View ArticleFrom Charging to Hijacking: The Autel MaxiCharger Vulnerability
The transition to electric vehicles (EVs) is rapidly gaining momentum, but the recent Pwn2Own Automotive 2024 competition in Tokyo has revealed a concerning vulnerability: EV chargers themselves can be...
View ArticleLNK Stomping (CVE-2024-38217): Microsoft Patches Years-Old Zero-Day Flaw
Microsoft’s September 2024 security update addresses a zero-day vulnerability affecting Smart App Control and SmartScreen. This vulnerability, dubbed “LNK stomping” (CVE-2024-38217), has been actively...
View ArticleCVE-2024-43491 (CVSS 9.8): Critical Windows 0-Day Flaw Uncovered, Urgent...
Microsoft has disclosed a critical zero-day vulnerability in its Windows operating system, identified as CVE-2024-43491. The vulnerability, with a severity score of 9.8 (out of 10), resides within the...
View ArticleScattered Spider Targets the Cloud: A Growing Threat to the Insurance and...
A new wave of ransomware attacks targeting cloud infrastructures has put the insurance and financial industries on high alert. According to a recent report from EclecticIQ analysts, the Scattered...
View ArticleFBI’s 2023 Cryptocurrency Fraud Report: $5.6 Billion Lost in Exploding...
The FBI’s Internet Crime Complaint Center (IC3) has released its 2023 Cryptocurrency Fraud Report, revealing alarming trends in the rapidly growing world of cryptocurrency crime. In 2023 alone, over...
View ArticlePAN-OS Vulnerabilities: Command Injection (CVE-2024-8686) and GlobalProtect...
Palo Alto Networks, a leading cybersecurity solutions provider, has recently released a critical security advisory, urging its customers to take immediate action to address several vulnerabilities...
View ArticleCybercriminals Increasingly Target Google, Microsoft, and Amazon in...
A recent report by Zscaler ThreatLabz sheds light on the rising wave of phishing campaigns, with threat actors increasingly turning to typosquatting and brand impersonation tactics. From February 2024...
View Article