Vulnerabilities

Apache Patches Critical RCE Vulnerability in Struts 2

Apache, Vulnerabilities /

Apache Patches Critical RCE Vulnerability in Struts 2 11/12/2023 at 15:49 By Ionut Arghire Apache has addressed a critical-severity Struts 2 file upload vulnerability that could lead to remote code execution. The post Apache Patches Critical RCE Vulnerability in Struts 2 appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View […]

React to this headline:

Loading spinner

Apache Patches Critical RCE Vulnerability in Struts 2 Read More »

WordPress 6.4.2 Patches Remote Code Execution Vulnerability

Vulnerabilities, WordPress /

WordPress 6.4.2 Patches Remote Code Execution Vulnerability 08/12/2023 at 18:32 By Ionut Arghire WordPress 6.4.2 patches a flaw that could be chained with another vulnerability to execute arbitrary code. The post WordPress 6.4.2 Patches Remote Code Execution Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

WordPress 6.4.2 Patches Remote Code Execution Vulnerability Read More »

Russian APT Used Zero-Click Outlook Exploit

APT28, Cyberwarfare, Microsoft Outlook, Russia, Vulnerabilities /

Russian APT Used Zero-Click Outlook Exploit 08/12/2023 at 18:32 By Ionut Arghire Russian threat actor APT28 has been exploiting a no-interaction Outlook vulnerability in attacks against 14 countries. The post Russian APT Used Zero-Click Outlook Exploit appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this

React to this headline:

Loading spinner

Russian APT Used Zero-Click Outlook Exploit Read More »

Atlassian Patches Critical Remote Code Execution Vulnerabilities

Atlassian, Vulnerabilities /

Atlassian Patches Critical Remote Code Execution Vulnerabilities 07/12/2023 at 13:32 By Ionut Arghire Atlassian has released patches for critical-severity remote code execution flaws in Confluence and other products. The post Atlassian Patches Critical Remote Code Execution Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to

React to this headline:

Loading spinner

Atlassian Patches Critical Remote Code Execution Vulnerabilities Read More »

Exploitation of Recent Cisco IOS XE Vulnerabilities Spikes

Cisco, exploited, Vulnerabilities /

Exploitation of Recent Cisco IOS XE Vulnerabilities Spikes 06/12/2023 at 19:03 By Ionut Arghire The Shadowserver Foundation warns of an increase in the number of devices hacked via recent Cisco IOS XE vulnerabilities. The post Exploitation of Recent Cisco IOS XE Vulnerabilities Spikes appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Exploitation of Recent Cisco IOS XE Vulnerabilities Spikes Read More »

Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images

Endpoint Security, UEFI, Vulnerabilities, vulnerability /

Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images 06/12/2023 at 19:03 By Eduard Kovacs LogoFAIL is an UEFI image parser attack allowing hackers to compromise consumer and enterprise devices using malicious logo images. The post Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Enterprise, Consumer Devices Exposed to Attacks via Malicious UEFI Logo Images Read More »

Chrome 120 Patches 10 Vulnerabilities

Chrome, Vulnerabilities /

Chrome 120 Patches 10 Vulnerabilities 06/12/2023 at 17:46 By Ionut Arghire Chrome 120 was released in the stable channel with patches for 10 vulnerabilities, including five externally reported flaws. The post Chrome 120 Patches 10 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this

React to this headline:

Loading spinner

Chrome 120 Patches 10 Vulnerabilities Read More »

CISA Urges Federal Agencies to Patch Exploited Qualcomm Vulnerabilities

CISA KEV, Qualcomm, Vulnerabilities /

CISA Urges Federal Agencies to Patch Exploited Qualcomm Vulnerabilities 06/12/2023 at 16:01 By Ionut Arghire CISA has added to its Known Exploited Vulnerabilities Catalog four Qualcomm bugs, including three exploited as zero-days. The post CISA Urges Federal Agencies to Patch Exploited Qualcomm Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

CISA Urges Federal Agencies to Patch Exploited Qualcomm Vulnerabilities Read More »

Apple Patches WebKit Flaws Exploited on Older iPhones

apple, CVE-2023-42916, CVE-2023-42917, Endpoint Security, Featured, iOS, macOS, Malware & Threats, Vulnerabilities /

Apple Patches WebKit Flaws Exploited on Older iPhones 30/11/2023 at 23:02 By Ryan Naraine Apple’s security response team warns that flaws CVE-2023-42916 and CVE-2023-42917 were already exploited against versions of iOS before iOS 16.7.1. The post Apple Patches WebKit Flaws Exploited on Older iPhones appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Apple Patches WebKit Flaws Exploited on Older iPhones Read More »

Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices

CISA KEV, firewall, NAS, Network Security, Ransomware, Vulnerabilities, Zyxel /

Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices 30/11/2023 at 20:18 By Ryan Naraine Zyxel patches at least 15 security flaws that expose users to authentication bypass, command injection and denial-of-service attacks. The post Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Major Security Flaws in Zyxel Firewalls, Access Points, NAS Devices Read More »

Google Patches Seventh Chrome Zero-Day of 2023

Chrome, exploited, Featured, Vulnerabilities, Zero-Day /

Google Patches Seventh Chrome Zero-Day of 2023 29/11/2023 at 16:46 By Ionut Arghire The latest Chrome security update addresses the seventh exploited zero-day vulnerability documented in the browser in 2023. The post Google Patches Seventh Chrome Zero-Day of 2023 appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

Google Patches Seventh Chrome Zero-Day of 2023 Read More »

Exploitation of Critical ownCloud Vulnerability Begins

exploited, Featured, Malware & Threats, ownCloud, Vulnerabilities /

Exploitation of Critical ownCloud Vulnerability Begins 28/11/2023 at 18:01 By Ionut Arghire Threat actors have started exploiting a critical ownCloud vulnerability leading to sensitive information disclosure. The post Exploitation of Critical ownCloud Vulnerability Begins appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this headline:

React to this headline:

Loading spinner

Exploitation of Critical ownCloud Vulnerability Begins Read More »

Critical ownCloud Flaws Lead to Sensitive Information Disclosure, Authentication Bypass

CVSS 10, Data Protection, Endpoint Security, GraphAPI, ownCloud, Vulnerabilities /

Critical ownCloud Flaws Lead to Sensitive Information Disclosure, Authentication Bypass 27/11/2023 at 19:46 By Ionut Arghire Three critical vulnerabilities in ownCloud could lead to sensitive information disclosure and authentication and validation bypass. The post Critical ownCloud Flaws Lead to Sensitive Information Disclosure, Authentication Bypass appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Critical ownCloud Flaws Lead to Sensitive Information Disclosure, Authentication Bypass Read More »

Microsoft Offers Up to $20,000 for Vulnerabilities in Defender Products

bug bounty program, Microsoft, Vulnerabilities /

Microsoft Offers Up to $20,000 for Vulnerabilities in Defender Products 22/11/2023 at 17:17 By Ionut Arghire Microsoft invites researchers to new bug bounty program focused on vulnerabilities in its Defender products. The post Microsoft Offers Up to $20,000 for Vulnerabilities in Defender Products appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Microsoft Offers Up to $20,000 for Vulnerabilities in Defender Products Read More »

Citrix, Gov Agencies Issue Fresh Warnings on CitrixBleed Vulnerability

Citrix, Citrix Bleed, Featured, Vulnerabilities /

Citrix, Gov Agencies Issue Fresh Warnings on CitrixBleed Vulnerability 22/11/2023 at 15:17 By Ionut Arghire Administrators are urged to patch the recent CitrixBleed NetScaler vulnerability as LockBit starts exploiting it. The post Citrix, Gov Agencies Issue Fresh Warnings on CitrixBleed Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Citrix, Gov Agencies Issue Fresh Warnings on CitrixBleed Vulnerability Read More »

Microsoft announces Defender bug bounty program

bug bounty, Don't miss, Hot stuff, Microsoft, Microsoft Defender, News, Vulnerabilities /

Microsoft announces Defender bug bounty program 22/11/2023 at 14:47 By Helga Labus Microsoft has announced a new bug bounty program aimed at unearthing vulnerabilities in Defender-related products and services, and is offering participants the possibility to earn up to $20,000 for the most critical bugs. The Microsoft Defender bug bounty program Microsoft Defender includes various

React to this headline:

Loading spinner

Microsoft announces Defender bug bounty program Read More »

Microsoft Paid Out $63 Million Since Launch of First Bug Bounty Program 10 Years Ago

bug bounty program, Microsoft, Vulnerabilities /

Microsoft Paid Out $63 Million Since Launch of First Bug Bounty Program 10 Years Ago 21/11/2023 at 15:16 By Ionut Arghire Over the past ten years, Microsoft has handed out $63 million in rewards as part of its bug bounty programs. The post Microsoft Paid Out $63 Million Since Launch of First Bug Bounty Program

React to this headline:

Loading spinner

Microsoft Paid Out $63 Million Since Launch of First Bug Bounty Program 10 Years Ago Read More »

Organizations’ serious commitment to software risk management pays off

Application Security, cybercrime, cybersecurity, News, open source, penetration testing, report, software, survey, Synopsys, Vulnerabilities /

Organizations’ serious commitment to software risk management pays off 21/11/2023 at 07:32 By Industry News There has been a significant decrease in vulnerabilities found in target applications – from 97% in 2020 to 83% in 2022 – an encouraging sign that code reviews, automated testing and continuous integration are helping to reduce common programming errors,

React to this headline:

Loading spinner

Organizations’ serious commitment to software risk management pays off Read More »

Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools

AI, AI/ML, Artificial Intelligence, machine learning, Vulnerabilities /

Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools 17/11/2023 at 17:45 By Ionut Arghire Bug hunters uncover over a dozen exploitable vulnerabilities in tools used to build chatbots and other types of AI/ML models. The post Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Over a Dozen Exploitable Vulnerabilities Found in AI/ML Tools Read More »

Microsoft Patches Sensitive Information Disclosure Vulnerability in Azure CLI

Azure, Vulnerabilities /

Microsoft Patches Sensitive Information Disclosure Vulnerability in Azure CLI 15/11/2023 at 18:02 By Ionut Arghire Microsoft provided guidance on an Azure CLI bug leading to the exposure of sensitive information through GitHub Actions logs. The post Microsoft Patches Sensitive Information Disclosure Vulnerability in Azure CLI appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Microsoft Patches Sensitive Information Disclosure Vulnerability in Azure CLI Read More »

Scroll to Top