Latest Vulnerability news

New regreSSHion OpenSSH RCE bug gives root on Linux servers

A new OpenSSH unauthenticated remote code execution (RCE) vulnerability dubbed "regreSSHion" gives root privileges on glibc-based Linux systems.
- Bill Toulas
- July 01, 2024
- 09:37 AM
- 6
Juniper releases out-of-cycle fix for max severity auth bypass flaw

Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products.
- Bill Toulas
- June 30, 2024
- 11:14 AM
- 0
Dev rejects CVE severity, makes his GitHub repo read-only

The popular open source project, 'ip' had its GitHub repository archived, or made "read-only" by its developer as a result of a dubious CVE report filed for his project. Unfortunately, open-source developers have recently been met with an uptick in debatable or outright bogus CVEs filed for their projects.
- Ax Sharma
- June 30, 2024
- 10:31 AM
- 5
Critical GitLab bug lets attackers run pipelines as any user

A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines as any user.
- Bill Toulas
- June 27, 2024
- 10:53 AM
- 0
CISA: Most critical open source projects not using memory safe code

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published research looking into 172 key open-source projects and whether they are susceptible to memory flaws.
- Bill Toulas
- June 26, 2024
- 01:56 PM
- 6
Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released

The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application database.
- Bill Toulas
- June 26, 2024
- 12:56 PM
- 0
Hackers target new MOVEit Transfer critical auth bypass bug

Threat actors are attempting to exploit a critical authentication bypass flaw impacting Progress MOVEit Transfer, which the vendor disclosed yesterday.
- Bill Toulas
- June 26, 2024
- 10:49 AM
- 2
Chemical facilities warned of possible data theft in CISA CSAT breach

CISA is warning that its Chemical Security Assessment Tool (CSAT) environment was breached in January after hackers deployed a webshell on its Ivanti device, potentially exposing sensitive security assessments and plans.
- Lawrence Abrams
- June 24, 2024
- 04:53 PM
- 1
Sponsored Content
Is your cybersecurity vendor transparent about vulnerability fixes?

Transparent disclosure empowers consumers with the information they need to to safeguard their assets effectively. Learn more from Fortinet about choosing a vendor that is transparent with their bug fixes.
- Sponsored by Fortinet
- June 24, 2024
- 10:02 AM
- 0
Facebook PrestaShop module exploited to steal credit cards

Hackers are exploiting a flaw in a premium Facebook module for PrestaShop named pkfacebook to deploy a card skimmer on vulnerable e-commerce sites and steal people's payment credit card details.
- Bill Toulas
- June 23, 2024
- 10:08 AM
- 0
CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites

A vulnerability dubbed "CosmicSting" impacting Adobe Commerce and Magento websites remains largely unpatched nine days after the security update has been made available, leaving millions of sites open to catastrophic attacks.
- Bill Toulas
- June 20, 2024
- 04:02 PM
- 0
SolarWinds Serv-U path traversal flaw actively exploited in attacks

Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability, leveraging publicly available proof-of-concept (PoC) exploits.
- Bill Toulas
- June 20, 2024
- 11:45 AM
- 0
VMware fixes critical vCenter RCE vulnerability, patch now

VMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws.
- Bill Toulas
- June 18, 2024
- 02:08 PM
- 0
ASUS warns of critical remote authentication bypass on 7 routers

ASUS has released a new firmware update that addresses a vulnerability impacting seven router models that allow remote attackers to log in to devices.
- Bill Toulas
- June 15, 2024
- 11:17 AM
- 4
Black Basta ransomware gang linked to Windows zero-day attacks

The Cardinal cybercrime group (Storm-1811, UNC4394), who are the main operators of the Black Basta ransomware, is suspected of exploiting a Windows privilege escalation vulnerability, CVE-2024-26169, before a fix was made available.
- Bill Toulas
- June 12, 2024
- 06:00 AM
- 0
Windows 10 KB5039211 update released with new feature, 12 fixes

Microsoft has released the KB5039211 cumulative update for Windows 10 21H2 and Windows 10 22H2 with 12 changes, including a Snipping Tool feature that allows you to edit Android photos in Windows.
- Lawrence Abrams
- June 11, 2024
- 01:45 PM
- 1
Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs

Today is Microsoft's June 2024 Patch Tuesday, which includes security updates for 51 flaws, eighteen remote code execution flaws, and one publicly disclosed zero-day vulnerability.
- Lawrence Abrams
- June 11, 2024
- 01:31 PM
- 0
Arm warns of actively exploited flaw in Mali GPU kernel drivers

Arm has issued a security bulletin warning of a memory-related vulnerability in Bifrost and Valhall GPU kernel drivers that is being exploited in the wild.
- Bill Toulas
- June 10, 2024
- 06:53 PM
- 4
Netgear WNR614 flaws allow device takeover, no fix available

Researchers found half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a budget-friendly router that proved popular among home users and small businesses.
- Bill Toulas
- June 10, 2024
- 05:38 PM
- 0
Exploit for critical Veeam auth bypass available, patch now

A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates.
- Bill Toulas
- June 10, 2024
- 11:05 AM
- 0