Vulnerabilities

Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug

GitLab, Vulnerabilities, vulnerability /

Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug 2024-01-25 at 15:46 By Ionut Arghire Over 5,000 GitLab servers have yet to be patched against CVE-2023-7028, a critical password reset vulnerability. The post Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug appeared first on SecurityWeek. This article is an excerpt from SecurityWeek […]

React to this headline:

Loading spinner

Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug Read More »

Tesla Hack Earns Researchers $100,000 at Pwn2Own Automotive

IoT Security, Pwn2Own, Vulnerabilities /

Tesla Hack Earns Researchers $100,000 at Pwn2Own Automotive 2024-01-25 at 15:46 By Eduard Kovacs Over $1 million paid out in the first two days of Pwn2Own Automotive for Tesla, infotainment and EV charger hacks. The post Tesla Hack Earns Researchers $100,000 at Pwn2Own Automotive appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Tesla Hack Earns Researchers $100,000 at Pwn2Own Automotive Read More »

Firefox 122 Patches 15 Vulnerabilities

Firefox, Vulnerabilities /

Firefox 122 Patches 15 Vulnerabilities 2024-01-25 at 14:02 By Ionut Arghire Updates released for Firefox and Thunderbird resolve 15 vulnerabilities, including five high-severity bugs. The post Firefox 122 Patches 15 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this headline:

React to this headline:

Loading spinner

Firefox 122 Patches 15 Vulnerabilities Read More »

Pwn2Own Automotive: Hackers Earn Over $700k for Tesla, EV Charger, Infotainment Exploits

car hacking, IoT Security, Pwn2Own, Vulnerabilities /

Pwn2Own Automotive: Hackers Earn Over $700k for Tesla, EV Charger, Infotainment Exploits 2024-01-24 at 17:48 By Eduard Kovacs On the first day of Pwn2Own Automotive participants earned over $700,000 for hacking Tesla, EV chargers and infotainment systems. The post Pwn2Own Automotive: Hackers Earn Over $700k for Tesla, EV Charger, Infotainment Exploits appeared first on SecurityWeek.

React to this headline:

Loading spinner

Pwn2Own Automotive: Hackers Earn Over $700k for Tesla, EV Charger, Infotainment Exploits Read More »

Orca Flags Dangerous Google Kubernetes Engine Misconfiguration

cloud security, GKE, Google Chrome, Kubernetes, Orca Security, Vulnerabilities /

Orca Flags Dangerous Google Kubernetes Engine Misconfiguration 2024-01-24 at 17:48 By Ionut Arghire Attackers could take over a Kubernetes cluster if access privileges are granted to all authenticated users in Google Kubernetes Engine. The post Orca Flags Dangerous Google Kubernetes Engine Misconfiguration appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

Orca Flags Dangerous Google Kubernetes Engine Misconfiguration Read More »

PoC Code Published for Just-Disclosed Fortra GoAnywhere Vulnerability

Fortra, GoAnywhere, PoC, Vulnerabilities /

PoC Code Published for Just-Disclosed Fortra GoAnywhere Vulnerability 2024-01-24 at 16:31 By Ionut Arghire PoC code exploiting a critical Fortra GoAnywhere MFT vulnerability gets published one day after public disclosure. The post PoC Code Published for Just-Disclosed Fortra GoAnywhere Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Loading spinner

PoC Code Published for Just-Disclosed Fortra GoAnywhere Vulnerability Read More »

Chrome 121 Patches 17 Vulnerabilities

Chrome, Vulnerabilities /

Chrome 121 Patches 17 Vulnerabilities 2024-01-24 at 14:31 By Ionut Arghire Google releases Chrome 121 to the stable channel with 17 security fixes, including 11 reported by external researchers. The post Chrome 121 Patches 17 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this

React to this headline:

Loading spinner

Chrome 121 Patches 17 Vulnerabilities Read More »

Vulnerabilities in Lamassu Bitcoin ATMs Can Allow Hackers to Drain Wallets

ATM, Bitcoin, Vulnerabilities, vulnerability /

Vulnerabilities in Lamassu Bitcoin ATMs Can Allow Hackers to Drain Wallets 2024-01-23 at 20:46 By Ionut Arghire Hackers could exploit Lamassu Douro ATM vulnerabilities to take over devices, steal bitcoin from users. The post Vulnerabilities in Lamassu Bitcoin ATMs Can Allow Hackers to Drain Wallets appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Vulnerabilities in Lamassu Bitcoin ATMs Can Allow Hackers to Drain Wallets Read More »

High-Severity Vulnerability Patched in Splunk Enterprise

Splunk, Vulnerabilities /

High-Severity Vulnerability Patched in Splunk Enterprise 2024-01-23 at 15:46 By Ionut Arghire The latest Splunk Enterprise releases patch multiple vulnerabilities, including a high-severity flaw in the Windows version. The post High-Severity Vulnerability Patched in Splunk Enterprise appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this

React to this headline:

Loading spinner

High-Severity Vulnerability Patched in Splunk Enterprise Read More »

Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation

iOS 17.3, macOS Sonoma, Malware & Threats, Vulnerabilities, WebKit, Zero-Day /

Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation 2024-01-22 at 22:31 By Ryan Naraine Apple pushes out fresh versions of its iOS and macOS platforms to fix WebKit vulnerabilities being exploited as zero-day in the wild. The post Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation Read More »

Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure

Atlassian, Confluence, exploited, Featured, Vulnerabilities, vulnerability /

Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure 2024-01-22 at 18:16 By Eduard Kovacs The Atlassian Confluence vulnerability CVE-2023-22527 is being exploited in the wild just days after it was disclosed.  The post Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure Read More »

New NTLM Hash Leak Attacks Target Outlook, Windows Programs

Identity & Access, Microsoft Outlook, NTLM, Vulnerabilities /

New NTLM Hash Leak Attacks Target Outlook, Windows Programs 2024-01-22 at 17:16 By Eduard Kovacs Varonis finds one vulnerability and three attack methods that can be used to obtain NTLM hashes via Outlook and two Windows programs. The post New NTLM Hash Leak Attacks Target Outlook, Windows Programs appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

New NTLM Hash Leak Attacks Target Outlook, Windows Programs Read More »

Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021

China, China APT, exploited, Nation-State, VMWare, Vulnerabilities /

Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 2024-01-22 at 13:16 By Ionut Arghire CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, had been exploited as zero-day for a year and a half. The post Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 Read More »

CISA Issues Emergency Directive on Ivanti Zero-Days

CISA, CVE-2023-46805, CVE-2024-21887, Ivanti, Malware & Threats, Volexity, Vulnerabilities /

CISA Issues Emergency Directive on Ivanti Zero-Days 2024-01-19 at 23:31 By Ryan Naraine The US government’s cybersecurity agency CISA ramps up the pressure on organizations to mitigate two exploited Ivanti VPN vulnerabilities. The post CISA Issues Emergency Directive on Ivanti Zero-Days appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

CISA Issues Emergency Directive on Ivanti Zero-Days Read More »

VMware vCenter Server Vulnerability Exploited in Wild 

exploited, Featured, VMWare, Vulnerabilities /

VMware vCenter Server Vulnerability Exploited in Wild  2024-01-19 at 13:16 By Eduard Kovacs VMware warns customers that CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, is being exploited in the wild.  The post VMware vCenter Server Vulnerability Exploited in Wild  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

VMware vCenter Server Vulnerability Exploited in Wild  Read More »

Ivanti EPMM Vulnerability Targeted in Attacks as Exploitation of VPN Flaws Increases

exploited, Ivanti, Vulnerabilities /

Ivanti EPMM Vulnerability Targeted in Attacks as Exploitation of VPN Flaws Increases 2024-01-19 at 13:16 By Eduard Kovacs The number of Ivanti VPN appliances compromised through exploitation of recent flaws increases and another vulnerability is added to exploited list. The post Ivanti EPMM Vulnerability Targeted in Attacks as Exploitation of VPN Flaws Increases appeared first

React to this headline:

Loading spinner

Ivanti EPMM Vulnerability Targeted in Attacks as Exploitation of VPN Flaws Increases Read More »

Unpatched Rapid SCADA Vulnerabilities Expose Industrial Organizations to Attacks

ICS, ICS/OT, SCADA, Vulnerabilities, vulnerability /

Unpatched Rapid SCADA Vulnerabilities Expose Industrial Organizations to Attacks 2024-01-18 at 18:16 By Eduard Kovacs Seven vulnerabilities found in Rapid SCADA could be exploited to gain access to sensitive industrial systems, but they remain unpatched. The post Unpatched Rapid SCADA Vulnerabilities Expose Industrial Organizations to Attacks appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Unpatched Rapid SCADA Vulnerabilities Expose Industrial Organizations to Attacks Read More »

Atlassian Warns of Critical RCE Vulnerability in Outdated Confluence Instances

Atlassian, Confluence, Vulnerabilities /

Atlassian Warns of Critical RCE Vulnerability in Outdated Confluence Instances 2024-01-17 at 17:31 By Ionut Arghire Out-of-date Confluence Data Center and Server instances are haunted by a critical vulnerability leading to remote code execution. The post Atlassian Warns of Critical RCE Vulnerability in Outdated Confluence Instances appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Atlassian Warns of Critical RCE Vulnerability in Outdated Confluence Instances Read More »

AI Data Exposed to ‘LeftoverLocals’ Attack via Vulnerable AMD, Apple, Qualcomm GPUs

AI, Artificial Intelligence, GPU, LLMs, Vulnerabilities /

AI Data Exposed to ‘LeftoverLocals’ Attack via Vulnerable AMD, Apple, Qualcomm GPUs 2024-01-17 at 15:31 By Eduard Kovacs Researchers show how a new attack named LeftoverLocals, which impacts GPUs from AMD, Apple and Qualcomm, can be used to obtain AI data. The post AI Data Exposed to ‘LeftoverLocals’ Attack via Vulnerable AMD, Apple, Qualcomm GPUs

React to this headline:

Loading spinner

AI Data Exposed to ‘LeftoverLocals’ Attack via Vulnerable AMD, Apple, Qualcomm GPUs Read More »

GitHub Rotates Credentials in Response to Vulnerability

GitHub, Vulnerabilities, vulnerability /

GitHub Rotates Credentials in Response to Vulnerability 2024-01-17 at 15:31 By Ionut Arghire GitHub rotates credentials and releases patches after being alerted of a vulnerability affecting GitHub.com and GitHub Enterprise Server. The post GitHub Rotates Credentials in Response to Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Loading spinner

GitHub Rotates Credentials in Response to Vulnerability Read More »

Scroll to Top