Vulnerabilities

Apple Patches Actively Exploited iOS, macOS Zero-Days

apple, Citizen Lab, CVE-2023-41061, CVE-2023-41064, Malware & Threats, Mobile & Wireless, Nation-State, Vulnerabilities /

Apple Patches Actively Exploited iOS, macOS Zero-Days 07/09/2023 at 23:31 By Ryan Naraine Apple pushes out an urgent point-update to its flagship iOS and macOS platforms to fix a pair of security defects being exploited in the wild. The post Apple Patches Actively Exploited iOS, macOS Zero-Days appeared first on SecurityWeek. This article is an […]

React to this headline:

Loading spinner

Apple Patches Actively Exploited iOS, macOS Zero-Days Read More »

Rigged Software and Zero-Days: North Korean APT Caught Hacking Security Researchers

Google TAG, Lazarus, Malware & Threats, Nation-State, North Korea, Vulnerabilities /

Rigged Software and Zero-Days: North Korean APT Caught Hacking Security Researchers 07/09/2023 at 23:31 By Ryan Naraine Google again catches a North Korean APT actor targeting security researchers with zero-days and rigged software tools. The post Rigged Software and Zero-Days: North Korean APT Caught Hacking Security Researchers appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Rigged Software and Zero-Days: North Korean APT Caught Hacking Security Researchers Read More »

Cisco Patches Critical Vulnerability in BroadWorks Platform

Cisco, Vulnerabilities /

Cisco Patches Critical Vulnerability in BroadWorks Platform 07/09/2023 at 16:02 By Ionut Arghire Cisco has released patches for CVE-2023-20238, a critical authentication bypass vulnerability in the BroadWorks Application Delivery Platform. The post Cisco Patches Critical Vulnerability in BroadWorks Platform appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

Cisco Patches Critical Vulnerability in BroadWorks Platform Read More »

Password-Stealing Chrome Extension Demonstrates New Vulnerabilities

Chrome, Stealer, Vulnerabilities /

Password-Stealing Chrome Extension Demonstrates New Vulnerabilities 06/09/2023 at 18:16 By Ionut Arghire Academic researchers design a Chrome extension to steal passwords from input fields and publish it to the Chrome webstore. The post Password-Stealing Chrome Extension Demonstrates New Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

Password-Stealing Chrome Extension Demonstrates New Vulnerabilities Read More »

Dozens of Unpatched Flaws Expose Security Cameras Made by Defunct Company Zavio

camera, Vulnerabilities /

Dozens of Unpatched Flaws Expose Security Cameras Made by Defunct Company Zavio 06/09/2023 at 18:16 By Eduard Kovacs Dozens of vulnerabilities have been found in widely used security cameras made by defunct Chinese company Zavio.  The post Dozens of Unpatched Flaws Expose Security Cameras Made by Defunct Company Zavio appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Dozens of Unpatched Flaws Expose Security Cameras Made by Defunct Company Zavio Read More »

Chrome 116 Update Patches High-Severity Vulnerabilities

Chrome, Vulnerabilities /

Chrome 116 Update Patches High-Severity Vulnerabilities 06/09/2023 at 14:17 By Ionut Arghire Google has released another weekly Chrome update, to address four high-severity vulnerabilities reported by external researchers. The post Chrome 116 Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this

React to this headline:

Loading spinner

Chrome 116 Update Patches High-Severity Vulnerabilities Read More »

AtlasVPN to Patch IP Leak Vulnerability After Public Disclosure

VPN, Vulnerabilities, vulnerability /

AtlasVPN to Patch IP Leak Vulnerability After Public Disclosure 06/09/2023 at 14:17 By Eduard Kovacs AtlasVPN developers are working on a patch for an IP leak vulnerability after a researcher publicly disclosed the flaw due to being ignored. The post AtlasVPN to Patch IP Leak Vulnerability After Public Disclosure appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

AtlasVPN to Patch IP Leak Vulnerability After Public Disclosure Read More »

Exploit Code Published for Critical-Severity VMware Security Defect

Aria Operations for Networks, CISA, CVE-2023-34039, ICS/OT, Network Security, VMWare, Vulnerabilities /

Exploit Code Published for Critical-Severity VMware Security Defect 02/09/2023 at 02:22 By Ryan Naraine Exploit code and root-cause analysis released by SinSinology documents the problem as a case where VMWare “forgot to regenerate” SSH keys. The post Exploit Code Published for Critical-Severity VMware Security Defect appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Exploit Code Published for Critical-Severity VMware Security Defect Read More »

In Other News: Hacking Encrypted Linux Computers, Android Fuzzing, Skype Leaking IPs

cybercrime, In Other News, Vulnerabilities /

In Other News: Hacking Encrypted Linux Computers, Android Fuzzing, Skype Leaking IPs 01/09/2023 at 15:47 By SecurityWeek News Weekly cybersecurity news roundup providing a summary of noteworthy stories that might have slipped under the radar. The post In Other News: Hacking Encrypted Linux Computers, Android Fuzzing, Skype Leaking IPs appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

In Other News: Hacking Encrypted Linux Computers, Android Fuzzing, Skype Leaking IPs Read More »

Vulnerability in WordPress Migration Plugin Exposes Websites to Attacks

Vulnerabilities, WordPress /

Vulnerability in WordPress Migration Plugin Exposes Websites to Attacks 31/08/2023 at 18:05 By Ionut Arghire A vulnerability in the All-in-One WP Migration plugin’s extensions exposes WordPress websites to attacks leading to sensitive information disclosure. The post Vulnerability in WordPress Migration Plugin Exposes Websites to Attacks appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Vulnerability in WordPress Migration Plugin Exposes Websites to Attacks Read More »

Splunk Patches High-Severity Flaws in Enterprise, IT Service Intelligence

Splunk, Vulnerabilities /

Splunk Patches High-Severity Flaws in Enterprise, IT Service Intelligence 31/08/2023 at 15:46 By Ionut Arghire Splunk has released patches for multiple high-severity vulnerabilities impacting Splunk Enterprise and IT Service Intelligence. The post Splunk Patches High-Severity Flaws in Enterprise, IT Service Intelligence appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Splunk Patches High-Severity Flaws in Enterprise, IT Service Intelligence Read More »

Recent Juniper Flaws Chained in Attacks Following PoC Exploit Publication

exploited, Juniper, Vulnerabilities /

Recent Juniper Flaws Chained in Attacks Following PoC Exploit Publication 30/08/2023 at 16:47 By Ionut Arghire Four recent vulnerabilities in the J-Web component of Junos OS have started being chained in malicious attacks after PoC exploit code was published. The post Recent Juniper Flaws Chained in Attacks Following PoC Exploit Publication appeared first on SecurityWeek.

React to this headline:

Loading spinner

Recent Juniper Flaws Chained in Attacks Following PoC Exploit Publication Read More »

High-Severity Memory Corruption Vulnerabilities Patched in Firefox, Chrome

Chrome, Firefox, Vulnerabilities /

High-Severity Memory Corruption Vulnerabilities Patched in Firefox, Chrome 30/08/2023 at 14:17 By Ionut Arghire Mozilla and Google have released stable updates for the Firefox and Chrome browsers to address several memory corruption vulnerabilities. The post High-Severity Memory Corruption Vulnerabilities Patched in Firefox, Chrome appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

High-Severity Memory Corruption Vulnerabilities Patched in Firefox, Chrome Read More »

VMware Patches Major Security Flaws in Network Monitoring Product

CISA KEV, Malware & Threats, Network Security, VMWare, VMware aria Operations for Logs, Vulnerabilities /

VMware Patches Major Security Flaws in Network Monitoring Product 29/08/2023 at 23:02 By Ryan Naraine VWware patches critical flaws that allow hackers to bypass SSH authentication and gain access to the Aria Operations for Networks command line interface. The post VMware Patches Major Security Flaws in Network Monitoring Product appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

VMware Patches Major Security Flaws in Network Monitoring Product Read More »

Cisco Patches Vulnerabilities Exposing Switches, Firewalls to DoS Attacks

Cisco, Vulnerabilities /

Cisco Patches Vulnerabilities Exposing Switches, Firewalls to DoS Attacks 24/08/2023 at 18:31 By Ionut Arghire Cisco has released patches for three high-severity vulnerabilities in NX-OS and FXOS software that could lead to denial-of-service (DoS) conditions. The post Cisco Patches Vulnerabilities Exposing Switches, Firewalls to DoS Attacks appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Cisco Patches Vulnerabilities Exposing Switches, Firewalls to DoS Attacks Read More »

3,000 Openfire Servers Exposed to Attacks Targeting Recent Vulnerability

exploited, Malware & Threats, Openfire, Vulnerabilities /

3,000 Openfire Servers Exposed to Attacks Targeting Recent Vulnerability 23/08/2023 at 17:19 By Ionut Arghire More than 3,000 Openfire servers are not patched against a recent vulnerability and are exposed to attacks employing a new exploit. The post 3,000 Openfire Servers Exposed to Attacks Targeting Recent Vulnerability appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

3,000 Openfire Servers Exposed to Attacks Targeting Recent Vulnerability Read More »

First Weekly Chrome Security Update Patches High-Severity Vulnerabilities

Chrome, Vulnerabilities /

First Weekly Chrome Security Update Patches High-Severity Vulnerabilities 23/08/2023 at 15:17 By Ionut Arghire Google has released the first weekly Chrome security update, which patches five memory safety vulnerabilities, including four rated ‘high severity’. The post First Weekly Chrome Security Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

First Weekly Chrome Security Update Patches High-Severity Vulnerabilities Read More »

Exploitation of Ivanti Sentry Zero-Day Confirmed

exploited, Featured, Ivanti, Vulnerabilities, Zero-Day /

Exploitation of Ivanti Sentry Zero-Day Confirmed 23/08/2023 at 12:17 By Eduard Kovacs While initially it was unclear if the Ivanti Sentry vulnerability CVE-2023-38035 has been exploited, the vendor and CISA have now confirmed it. The post Exploitation of Ivanti Sentry Zero-Day Confirmed appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

Exploitation of Ivanti Sentry Zero-Day Confirmed Read More »

CISA Warns of Another Exploited Adobe ColdFusion Vulnerability

ColdFusion, exploited, Featured, Malware & Threats, Vulnerabilities /

CISA Warns of Another Exploited Adobe ColdFusion Vulnerability 22/08/2023 at 13:47 By Eduard Kovacs CISA warns that CVE-2023-26359, an Adobe ColdFusion vulnerability patched in March, has been exploited in the wild. The post CISA Warns of Another Exploited Adobe ColdFusion Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

CISA Warns of Another Exploited Adobe ColdFusion Vulnerability Read More »

Ivanti Ships Urgent Patch for API Authentication Bypass Vulnerability

Malware & Threats, Network Security, Vulnerabilities /

Ivanti Ships Urgent Patch for API Authentication Bypass Vulnerability 21/08/2023 at 22:31 By Ryan Naraine A critical-severity vulnerability in the Ivanti Sentry (formerly MobileIron Sentry) product exposes sensitive API data and configurations. The post Ivanti Ships Urgent Patch for API Authentication Bypass Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Ivanti Ships Urgent Patch for API Authentication Bypass Vulnerability Read More »

Scroll to Top