exploit

CVE-2024-4577: Ongoing Exploitation of Critical PHP Vulnerability 

exploit, vulnerability /

CVE-2024-4577: Ongoing Exploitation of Critical PHP Vulnerability  2024-06-14 at 18:16 By Neetha Overview  On May 7, 2024, Devcore Principal Security Researcher Orange Tsai discovered and reported a critical Remote Code Execution (RCE) vulnerability, CVE-2024-4577, to the PHP official team. This vulnerability stems from errors in character encoding conversions, particularly affecting the “Best Fit” feature on […]

React to this headline:

Loading spinner

CVE-2024-4577: Ongoing Exploitation of Critical PHP Vulnerability  Read More »

PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577)

CVE, Devcore, Don't miss, exploit, Hot stuff, Imperva, News, PHP, Ransomware, vulnerability, WatchTowr, Windows /

PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577) 2024-06-13 at 15:01 By Zeljka Zorz An OS command injection vulnerability in Windows-based PHP (CVE-2024-4577) in CGI mode is being exploited by the TellYouThePass ransomware gang. Imperva says the attacks started on June 8, two days after the PHP development team pushed out fixes, and one

React to this headline:

Loading spinner

PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577) Read More »

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)

CVE, Don't miss, enterprise, exploit, Fortinet, Horizon3.ai, Hot stuff, News, PoC, vulnerability /

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) 2024-05-29 at 13:01 By Zeljka Zorz Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances. CVE confusion FortiSIEM helps customers build an inventory of their organization’s assets, it

React to this headline:

Loading spinner

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) Read More »

Pump.fun exploiter claims he was arrested in UK and now on bail

arrested, bail, exploit, Memecoin, pump.fun /

Pump.fun exploiter claims he was arrested in UK and now on bail 2024-05-20 at 08:01 By Cointelegraph by Jesse Coghlan The ex-employee alleged of exploiting pump.fun for $1.9 million claims he was arrested and charged in Britain and is now on bail. This article is an excerpt from Cointelegraph.com News View Original Source React to

React to this headline:

Loading spinner

Pump.fun exploiter claims he was arrested in UK and now on bail Read More »

Alex Labs freezes $3.9M of exploited funds sent to CEXs after hack

alex bridge, alex labs, alex protocol, BNB Smart Chain, CEXs, exploit, hack, hack recovery, hackers /

Alex Labs freezes $3.9M of exploited funds sent to CEXs after hack 2024-05-18 at 02:01 By Cointelegraph by Christopher Roark The team behind the Bitcoin layer-2 developer has successfully frozen some exploited crypto after the attacker tried to cash out by sending funds to exchanges. This article is an excerpt from Cointelegraph.com News View Original

React to this headline:

Loading spinner

Alex Labs freezes $3.9M of exploited funds sent to CEXs after hack Read More »

Organizations struggle to defend against ransomware

critical infrastructure, cybersecurity, Don't miss, exploit, extortion, Hot stuff, NTT Security, Ransomware, supply chain, Video /

Organizations struggle to defend against ransomware 2024-05-17 at 07:01 By Help Net Security In this Help Net Security video, Jeremy Nichols, Director, Global Threat Intelligence Center at NTT Security Holdings, discusses a recent surge in ransomware incidents. After a down year in 2022, ransomware and extortion incidents increased in 2023. More than 5,000 ransomware victims

React to this headline:

Loading spinner

Organizations struggle to defend against ransomware Read More »

Binance develops ‘antidote’ to address poisoning scams after $68M exploit

Address Poisoning Scam, Address Spoofing, Binance Security, Bitcoin Scams, crypto scam, Cryptocurrencies, cybersecurity, exploit, scams, security /

Binance develops ‘antidote’ to address poisoning scams after $68M exploit 2024-05-16 at 14:01 By Cointelegraph by Zoltan Vardai Binance’s new algorithm has already helped detect over 13.4 million spoofed blockchain addresses on BNB and over 1.68 million on Ethereum. This article is an excerpt from Cointelegraph.com News View Original Source React to this headline:

React to this headline:

Loading spinner

Binance develops ‘antidote’ to address poisoning scams after $68M exploit Read More »

Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947)

0-day, Chrome, Don't miss, exploit, Hot stuff, Kaspersky, News, security update /

Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947) 2024-05-16 at 12:01 By Zeljka Zorz For the third time in the last seven days, Google has fixed a Chrome zero-day vulnerability (CVE-2024-4947) for which an exploit exists in the wild. About CVE-2024-4947 CVE-2024-4947 is a type confusion vulnerability in V8, Chrome’s JavaScript and WebAssembly

React to this headline:

Loading spinner

Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947) Read More »

Alex bridge on BNB Smart Chain drained of $4.3M after suspicious upgrade — CertiK

alex, Bitcoin Layer 2, bridge, CertiK, exploit, private key hack /

Alex bridge on BNB Smart Chain drained of $4.3M after suspicious upgrade — CertiK 2024-05-15 at 00:02 By Cointelegraph by Christopher Roark The deployer account changed an Alex contract’s implementation address, and multiple tokens were subsequently drained from its bridge. This article is an excerpt from Cointelegraph.com News View Original Source React to this headline:

React to this headline:

Loading spinner

Alex bridge on BNB Smart Chain drained of $4.3M after suspicious upgrade — CertiK Read More »

CertiK discovered $5M security flaw in Wormhole bridge on Aptos

Aptos, bug, CertiK, cybersecurity, exploit, hack, wormhole /

CertiK discovered $5M security flaw in Wormhole bridge on Aptos 2024-05-13 at 23:01 By Cointelegraph by Christopher Roark A flaw in the bridge could have allowed an attacker to produce fake token transfers, but it was discovered and patched before anyone could take advantage of it. This article is an excerpt from Cointelegraph.com News View

React to this headline:

Loading spinner

CertiK discovered $5M security flaw in Wormhole bridge on Aptos Read More »

Rain exchange suffered $14.1M in suspicious outflows 2 weeks ago — ZachXBT

BitGo, exploit, hack, rain, ZachXBT /

Rain exchange suffered $14.1M in suspicious outflows 2 weeks ago — ZachXBT 2024-05-13 at 20:01 By Cointelegraph by Christopher Roark Several wallets reportedly belonging to Rain sent suspicious token transfers to a new address. This article is an excerpt from Cointelegraph.com News View Original Source React to this headline:

React to this headline:

Loading spinner

Rain exchange suffered $14.1M in suspicious outflows 2 weeks ago — ZachXBT Read More »

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671)

0-day, Chrome, CVE, Don't miss, exploit, Google, Hot stuff, News /

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671) 2024-05-10 at 12:16 By Zeljka Zorz Google has fixed a Chrome zero-day vulnerability (CVE-2024-4671), an exploit for which exists in the wild. About CVE-2024-4671 CVE-2024-4671 is a use after free vulnerability in the Visuals component that can be exploited by remote attackers to trigger an exploitable heap

React to this headline:

Loading spinner

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671) Read More »

Bugs in Gains Network fork let traders profit 900% on every trade: Report

cybersecurity, exploit, gains, gains network, holdstation, holdstation exchange, integer overflow, krav, krav trade, zellic /

Bugs in Gains Network fork let traders profit 900% on every trade: Report 2024-05-10 at 00:05 By Cointelegraph by Christopher Roark An attacker could have placed a limit buy order with an arbitrarily high open price to automatically win every trade, the Zellic security platform discovered. This article is an excerpt from Cointelegraph.com News View

React to this headline:

Loading spinner

Bugs in Gains Network fork let traders profit 900% on every trade: Report Read More »

Kronos Research hacker shifts funds to Tornado Cash

Crypto, Ethereum, etherscan, exploit, Funds, hacker, Kronos Research, laundering, PeckShield, Tornado Cash /

Kronos Research hacker shifts funds to Tornado Cash 2024-05-07 at 11:01 By Cointelegraph by Prashant Jha Kronos Research was exploited for $25 million in November last year, and one of the six wallets linked to the hacker started moving funds to Tornado Cash on May 7. This article is an excerpt from Cointelegraph.com News View

React to this headline:

Loading spinner

Kronos Research hacker shifts funds to Tornado Cash Read More »

GNUS Discord hack causes $1.27M in losses

AI, Discord, exploit, genius, gnus, hack /

GNUS Discord hack causes $1.27M in losses 2024-05-06 at 22:04 By Cointelegraph by Christopher Roark The attacker was able to view team members’ private Discord messages, allowing them to gain access to the team’s wallet address and mint 100 million fake tokens. This article is an excerpt from Cointelegraph.com News View Original Source React to

React to this headline:

Loading spinner

GNUS Discord hack causes $1.27M in losses Read More »

Hundred Finance hacker moves stolen assets a year after $7M exploit

blockchain security, CertiK, crypto assets, Crypto hack, Cryptocurrency, Decentralized Finance, DeFi, Ethereum, exploit, flash loan attack, hacker, Hundred Finance, loss, PeckShield, security breach /

Hundred Finance hacker moves stolen assets a year after $7M exploit 2024-05-02 at 15:01 By Cointelegraph by Ezra Reguerra The hacker holds about $4.3 million in various crypto assets in their Ethereum wallet. This article is an excerpt from Cointelegraph.com News View Original Source React to this headline:

React to this headline:

Loading spinner

Hundred Finance hacker moves stolen assets a year after $7M exploit Read More »

Pike Finance clarifies ‘USDC vulnerability’ statement on $1.6M exploit

arbitrum, cctp, Circle, Cross-Chain Transfer Protocol, crypto hacks, crypto security, DeFi news, DeFi Protocol, Ethereum, exploit, Optimism, Pike, security breach, smart contract, USDC vulnerability /

Pike Finance clarifies ‘USDC vulnerability’ statement on $1.6M exploit 2024-05-02 at 11:01 By Cointelegraph by Ezra Reguerra Pike highlighted that the exploit occurred due to their team’s inadequate integration of third-party technologies such as the CCTP or Gelato Network’s automation services. This article is an excerpt from Cointelegraph.com News View Original Source React to this

React to this headline:

Loading spinner

Pike Finance clarifies ‘USDC vulnerability’ statement on $1.6M exploit Read More »

Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades

Don't miss, exploit, firewall, Hot stuff, News, Palo Alto Networks, PoC /

Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades 2024-04-30 at 15:47 By Zeljka Zorz There are proof-of-concept techniques allowing attackers to achieve persistence on Palo Alto Networks firewalls after CVE-2024-3400 has been exploited, the company has confirmed on Monday, but they are “not aware at this time of any malicious attempts to

React to this headline:

Loading spinner

Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades Read More »

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)

0-day, APT, CVE, cyber espionage, Don't miss, exploit, Hot stuff, Microsoft, News, Windows /

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) 2024-04-23 at 17:01 By Zeljka Zorz For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulnerability in Windows Print Spooler service (CVE-2022-38028). Dubbed GooseEgg, the tool is a

React to this headline:

Loading spinner

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) Read More »

CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)

Censys, CrowdStrike, CrushFTP, CVE, Don't miss, enterprise, exploit, FTP, Hot stuff, News /

CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040) 2024-04-23 at 13:01 By Zeljka Zorz A vulnerability (CVE-2024-4040) in enterprise file transfer solution CrushFTP is being exploited by attackers in a targeted fashion, according to Crowdstrike. The vulnerability allows attackers to escape their virtual file system and download system files (i.e., configuration files), but only if

React to this headline:

Loading spinner

CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040) Read More »

Scroll to Top