Exploiting Livewire: CVE-2024-47823 Puts Laravel Apps at Risk
A newly discovered vulnerability, CVE-2024-47823, has been identified in Livewire, a popular full-stack framework for Laravel used to build dynamic UI components without leaving PHP. This security...
CVE-2024-8884 (CVSS 9.8): Critical Flaw Exposes Schneider Electric Industrial...
Schneider Electric has issued a security notification concerning a critical vulnerability in the System Monitor application of their Harmony Industrial PC Series and Pro-face PS5000 Legacy Industrial...
Researcher Details Arbitrary File Read Vulnerability (CVE-2024-36814) in...
A critical vulnerability, identified as CVE-2024-36814, has been uncovered in AdGuard Home, an open-source network-wide ad-blocking solution. The vulnerability, discovered by security researcher Jack...
North Korean Threat Actors Targeting Tech Job Seekers with Contagious...
Palo Alto Networks Unit 42 researchers have uncovered a new wave of attacks in the ongoing Contagious Interview campaign, where North Korean threat actors are posing as recruiters to target...
CVE-2024-45720: Code Execution Flaw Discovered in Apache Subversion for Windows
A critical security vulnerability, CVE-2024-45720 (CVSS 8.2), has been identified in Apache Subversion (SVN), a popular version control system widely used by developers to maintain source code, web...
OpenBAS: A Powerful Open-Source Platform for Cyber Adversary Simulations
In today’s rapidly evolving cybersecurity landscape, organizations need tools that can help them stay ahead of threats by identifying vulnerabilities and preparing for potential cyberattacks. OpenBAS...
Researcher Details Privilege Escalation in Palo Alto Networks’ GlobalProtect...
In a recent vulnerability analysis by Michael Baer from SEC Consult Vulnerability Lab, a significant local privilege escalation vulnerability (CVE-2024-9473) was uncovered in Palo Alto Networks’...
CVE-2024-9164 (CVSS 9.6): GitLab Users Urged to Update Now
GitLab, a leading platform for DevOps and continuous integration/continuous delivery (CI/CD), has just released crucial security updates in versions 17.4.2, 17.3.5, and 17.2.9 for both Community...
Internet Archive Under Siege: DDoS Attacks and a Mysterious Data Breach
The Internet Archive, a non-profit digital library beloved for its Wayback Machine, has been battling a relentless wave of DDoS attacks since May 2024. While these attacks, often attributed to...
CVE-2024-47223 (CVSS 9.4): SQLi Flaw in Mitel MiCollab Poses Severe Risk to...
Mitel, a global leader in business communications, has issued a critical security advisory concerning a high-severity SQL injection vulnerability in its MiCollab software, specifically affecting the...
CVE-2024-9466 Flaw in Palo Alto Networks’ Expedition Exposes Sensitive...
A recent analysis by security researcher Zach Hanley of Horizon3.ai has uncovered a critical vulnerability, CVE-2024-9466, in Palo Alto Networks’ Expedition tool. This vulnerability, with a CVSS score...
Telekopye Expands to Target Tourists via Hotel Booking Scam
In a new report from ESET researchers Jakub Souček and Radek Jizba, the Telekopye scam toolkit has evolved from targeting online marketplace users to exploiting tourists via accommodation booking...
CVE-2024-38365: Btcd Bug Could Have Led to Bitcoin Network Fork
A critical vulnerability in btcd, a popular alternative implementation of the Bitcoin protocol, could have allowed malicious actors to create a hard fork of the Bitcoin blockchain at minimal cost...
OpenAI Disrupts 20+ Malicious Operations, Including Election Interference and...
OpenAI has published a report detailing its efforts to combat the misuse of its AI models, revealing the disruption of over 20 operations linked to cyberattacks, influence campaigns, and...
Keycloak Patches CVE-2024-3656 Granting Low-Privilege Users Administrative...
Open-source identity and access management platform Keycloak has released a security update to address a high-severity vulnerability that could allow low-privilege users to gain unauthorized access to...
AsyncRAT Malware Campaign Exploits Bitbucket to Deliver Multi-Stage Attack
G DATA Security Lab recently uncovered a sophisticated malware campaign leveraging Bitbucket, a popular code hosting platform, to deploy AsyncRAT, a well-known remote access trojan (RAT). According to...
Progress Patches Critical Security Flaw CVE-2024-8015 (CVSS 9.1) in Telerik...
Progress Software has released an important security advisory addressing four newly discovered vulnerabilities in their powerful Telerik Report Server, a tool widely used for embedding reporting...
CVE-2024-41713 (CVSS 9.8): Unpatched MiCollab Vulnerability Allows...
Mitel has issued a critical security advisory addressing a newly discovered vulnerability, CVE-2024-41713, in the MiCollab platform. This path traversal vulnerability, which carries a CVSS score of...
Zyxel Devices Targeted by Malicious Actors: Urgent Firmware Update Required
A recent security announcement from security researcher Serhii Boiarynov at the Zyxel EMEA team has uncovered malicious activity targeting Zyxel security appliances. Attackers are exploiting previously...
CVE-2024-9465 (CVSS 9.2) SQLi Flaw in Palo Alto Expedition Revealed: Full...
A critical vulnerability, CVE-2024-9465, has been discovered in Palo Alto Networks’ Expedition tool by security researcher Zach Hanley of Horizon3.ai. This SQL injection flaw, with a CVSS score of...