Actively Exploited VMware Vulnerabilities (CVE-2024-38812 & CVE-2024-38813)...
Broadcom has updated an urgent security advisory following confirmation of in-the-wild exploitation of two critical vulnerabilities affecting its vCenter Server platform: CVE-2024-38812 and...
View ArticleLibreNMS Vulnerability (CVE-2024-51092): Mitigating the Risk of Server...
A recent security advisory from the LibreNMS project has revealed a severe vulnerability (CVE-2024-51092) affecting versions up to 24.9.1 of the widely-used network monitoring platform. The flaw, rated...
View ArticleCVE-2024-52308: GitHub CLI Vulnerability Could Allow Remote Code Execution
A critical security vulnerability (CVE-2024-52308) in the GitHub Command Line Interface (CLI) has been identified, potentially enabling remote code execution (RCE) on users’ workstations. This...
View ArticleFrom CVE to PoC: A Collection Maps Windows Privilege Escalation Landscape
Security researcher Michael Zhmaylo has assembled a comprehensive collection of publicly disclosed exploits for Local Privilege Escalation (LPE) vulnerabilities affecting Microsoft Windows operating...
View ArticlePhishing Alert: Government Impersonation Attacks Surge via DocuSign
Cybercriminals are leveraging the trusted reputation of government agencies to deceive businesses, with DocuSign phishing attacks on the rise. A new wave of phishing attacks is targeting businesses...
View ArticlePhobos Ransomware Administrator Extradited to US to Face Charges
Evgenii Ptitsyn, a Russian national, faces a 13-count indictment for his alleged role in a global ransomware scheme that extorted millions from over 1,000 victims. In a significant victory for... The...
View ArticleCISA Warns of Actively Exploited Vulnerabilities in Kemp LoadMaster and Palo...
Critical flaws in widely-used networking and security products demand immediate attention from administrators. The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning...
View ArticleCVE-2024-44308 and CVE-2024-44309: Apple Addresses Zero-Day Vulnerabilities
Apple users are urged to update their devices immediately following the discovery of two critical zero-day vulnerabilities actively exploited in the wild. These vulnerabilities, CVE-2024-44308 and...
View ArticleDONOT APT Group Targets Pakistan’s Maritime and Defense Sectors in New Campaign
A recent report from Cyble Research and Intelligence Labs (CRIL) has exposed a new campaign orchestrated by the Advanced Persistent Threat (APT) group DONOT, also known as APT-C-35. This campaign......
View ArticleCVE-2024-47208 & CVE-2024-48962: Apache OFBiz Exposed to Remote Code Execution
The Apache Software Foundation has released important security updates to address two critical vulnerabilities in Apache OFBiz, a popular open-source suite of business applications. These...
View ArticleClickFix: The Rising Threat of Clipboard-Based Social Engineering
In a detailed report, Proofpoint researchers have unveiled the alarming rise of a unique social engineering method dubbed ClickFix, which exploits human behavior to spread malware through...
View ArticleWget Vulnerability (CVE-2024-10524) Opens Door to SSRF Attacks
A newly discovered vulnerability in the popular Wget download utility could allow attackers to launch server-side request forgery (SSRF) attacks. Security researcher Goni Golan from JFrog has...
View ArticleBitwarden Users Targeted in Malicious Facebook Ad Campaign
Bitdefender Labs uncovers a sophisticated malvertising campaign spreading malware disguised as a Bitwarden security update. A new malvertising campaign exploits Facebook’s advertising platform to...
View ArticleCVE-2024-42057: Exploited by Helldown Ransomware to Target Linux
Sekoia’s Threat Detection & Research (TDR) team uncovers a Linux variant of the Helldown ransomware, expanding the threat landscape. The Helldown ransomware group, previously known for targeting...
View ArticleCVE-2024-47533 (CVSS 9.8): Cobbler Vulnerability Exposes Linux Servers to...
CVE-2024-47533 exposes Cobbler servers to unauthorized access and control, enabling attackers to manipulate system configurations. A critical vulnerability has been discovered in Cobbler, a popular...
View ArticleGabagool: A Sophisticated Phishing Kit Exploiting Cloudflare R2
In a detailed analysis, TRAC Labs has exposed a phishing campaign named Gabagool that targets corporate and government employees. The campaign leverages the trusted reputation of Cloudflare’s R2...
View ArticleCVE-2024-21287: Critical Zero-Day Exploited in Oracle Agile PLM
Oracle has issued an urgent security alert regarding a critical vulnerability in its Agile Product Lifecycle Management (PLM) software, tracked as CVE-2024-21287. This flaw allows attackers to remotely...
View ArticleGoogle Chrome Patches High-Severity Flaw CVE-2024-11395 in Latest Stable Release
Google has released a new stable version of its Chrome browser for desktop, addressing three security vulnerabilities, including one high-severity flaw. The update, versions 131.0.6778.85/.86 for...
View ArticleCVE-2024-21697: High Severity Flaw in Sourcetree Enables Remote Code Execution
Atlassian has issued a security advisory warning of a critical remote code execution (RCE) vulnerability in its popular Sourcetree software for Mac and Windows. Tracked as CVE-2024-21697 and scoring...
View ArticleAnalysis & PoC Exploits Released for Palo Alto Zero-Days – CVE-2024-0012 and...
In a recent analysis, security researcher Sonny from watchTowr unveiled the technical intricacies of two zero-day vulnerabilities affecting Palo Alto Networks’ Next-Generation Firewalls (NGFW). Tracked...
View Article