vulnerability

Path Traversal Vulnerability in WPLMS WordPress Theme Exposes Websites to RCE 

vulnerability /

Path Traversal Vulnerability in WPLMS WordPress Theme Exposes Websites to RCE  2024-11-11 at 17:03 By Cyble Overview  A critical path traversal vulnerability, CVE-2024-10470, has been identified in the WPLMS Learning Management System (LMS) theme for WordPress. This vulnerability enables unauthenticated attackers to read and delete arbitrary files on the server due to insufficient file path […]

React to this headline:

Loading spinner

Path Traversal Vulnerability in WPLMS WordPress Theme Exposes Websites to RCE  Read More »

Weekly ICS Vulnerability Intelligence Report: Rockwell Automation, Delta Electronics, Solar-Log

Delta Electronics, vulnerability, Weekly ICS Vulnerability Intelligence Report: Rockwell Automation /

Weekly ICS Vulnerability Intelligence Report: Rockwell Automation, Delta Electronics, Solar-Log 2024-11-08 at 15:01 By daksh sharma Overview Cyble Research & Intelligence Labs (CRIL) has investigated significant ICS vulnerabilities this week, providing essential insights derived from advisories issued by the Cybersecurity and Infrastructure Security Agency (CISA). This week’s report highlights multiple vulnerabilities across critical ICS products,

React to this headline:

Loading spinner

Weekly ICS Vulnerability Intelligence Report: Rockwell Automation, Delta Electronics, Solar-Log Read More »

Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910)

CVE, Don't miss, Horizon3.ai, Hot stuff, News, Palo Alto Networks, PoC, vulnerability /

Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) 2024-11-08 at 13:36 By Zeljka Zorz A vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition, a firewall configuration migration tool, is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Thursday. About CVE-2024-5910 Unearthed and reported by Brian Hysell of Synopsys

React to this headline:

Loading spinner

Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) Read More »

Critical Zero-Click Vulnerability in Synology NAS Devices Needs Urgent Patching

vulnerability, Zero Click /

Critical Zero-Click Vulnerability in Synology NAS Devices Needs Urgent Patching 2024-11-07 at 16:19 By daksh sharma Overview A recently discovered high-severity vulnerability, tracked as CVE-2024-10443 and dubbed “RISK:STATION,” poses a significant threat to Synology NAS users worldwide. The vulnerability, affecting Synology DiskStation and BeeStation models, allows remote code execution without user interaction, heightening the potential

React to this headline:

Loading spinner

Critical Zero-Click Vulnerability in Synology NAS Devices Needs Urgent Patching Read More »

Critical Bug in Cisco’s URWB Exposes Systems to Root Privilege Command Injection

URWB, vulnerability /

Critical Bug in Cisco’s URWB Exposes Systems to Root Privilege Command Injection 2024-11-07 at 14:06 By daksh sharma Overview Cisco has disclosed a severe vulnerability, tracked as CVE-2024-20418, in its Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul (URWB) Access Points. The flaw, rated with a maximum CVSS score of 10.0, affects multiple Cisco Catalyst

React to this headline:

Loading spinner

Critical Bug in Cisco’s URWB Exposes Systems to Root Privilege Command Injection Read More »

Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418)

access point, Cisco, CVE, Don't miss, energy sector, Hot stuff, manufacturing sector, maritime industry, News, vulnerability /

Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) 2024-11-07 at 11:33 By Zeljka Zorz Cisco has fixed a critical command injection vulnerability (CVE-2024-20418) affecting its Ultra-Reliable Wireless Backhaul (URWB) Access Points that can be exploited via a HTTP requests and allows complete compromise of the devices. There are no workarounds to address this

React to this headline:

Loading spinner

Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) Read More »

Critical Vulnerabilities in PTZ Cameras: CISA Adds New Exploits to Its Catalog

PTZ Cameras, vulnerability /

Critical Vulnerabilities in PTZ Cameras: CISA Adds New Exploits to Its Catalog 2024-11-05 at 15:04 By daksh sharma The Cybersecurity and Infrastructure Security Agency (CISA) has recently added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, spotlighting security flaws in Pan-Tilt-Zoom (PTZ) cameras. The vulnerabilities, which affect specific PTZOptics camera models, pose a

React to this headline:

Loading spinner

Critical Vulnerabilities in PTZ Cameras: CISA Adds New Exploits to Its Catalog Read More »

Google patches actively exploited Android vulnerability (CVE-2024-43093)

Android, CVE, Don't miss, Hot stuff, News, Samsung, security update, smartphones, vulnerability /

Google patches actively exploited Android vulnerability (CVE-2024-43093) 2024-11-05 at 13:34 By Zeljka Zorz Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: CVE-2024-43047, a flaw affecting Qualcomm chipsets, and CVE-2024-43093, a vulnerability in the Google Play framework. The exploited vulnerabilities (CVE-2024-43047, CVE-2024-43093) Qualcomm patched CVE-2024-43047 – a

React to this headline:

Loading spinner

Google patches actively exploited Android vulnerability (CVE-2024-43093) Read More »

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)

CVE, Don't miss, Hot stuff, Midnight Blue, NAS, News, security update, Synology, vulnerability /

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) 2024-11-04 at 16:04 By Zeljka Zorz Synology has released fixes for an unauthenticated “zero-click” remote code execution flaw (CVE-2024-10443, aka RISK:STATION) affecting its popular DiskStation and BeeStation network attached storage (NAS) devices. About CVE-2024-10443 CVE-2024-10443 was discovered by Rick de Jager, a security researcher at

React to this headline:

Loading spinner

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) Read More »

ICS Vulnerability Intelligence Report: Key Insights and Recommendations

ICS, vulnerability /

ICS Vulnerability Intelligence Report: Key Insights and Recommendations 2024-11-04 at 15:48 By daksh sharma Overview Cyble Research & Intelligence Labs (CRIL) has investigated key ICS vulnerabilities this week, providing critical insights issued by the Cybersecurity and Infrastructure Security Agency (CISA), focusing on multiple flaws in several ICS products. During this reporting period, CISA issued four

React to this headline:

Loading spinner

ICS Vulnerability Intelligence Report: Key Insights and Recommendations Read More »

CISA Warns of Critical Vulnerabilities in Rockwell Automation’s FactoryTalk ThinManager

CISA, FactoryTalk ThinManager, Rockwell Automation, vulnerability /

CISA Warns of Critical Vulnerabilities in Rockwell Automation’s FactoryTalk ThinManager 2024-11-04 at 12:33 By daksh sharma Overview The Cybersecurity and Infrastructure Security Agency (CISA) has alerted about new vulnerabilities in Rockwell Automation FactoryTalk ThinManager. The alert, designated ICSA-24-305-01, outlines serious security risks that could affect users of the software. With a CVSS v4 score of

React to this headline:

Loading spinner

CISA Warns of Critical Vulnerabilities in Rockwell Automation’s FactoryTalk ThinManager Read More »

IT Vulnerability Report: Fortinet, SonicWall, Grafana Exposures Top 1 Million

darkweb, data breach, exploit, Fortinet, SonicWall, Vulnerabilities, vulnerability /

IT Vulnerability Report: Fortinet, SonicWall, Grafana Exposures Top 1 Million 2024-11-01 at 13:34 By Paul Shread Overview Cyble Research and Intelligence Labs (CRIL) researchers investigated 17 vulnerabilities and nine dark web exploits during the period of Oct. 23-29, and highlighted seven vulnerabilities that merit high-priority attention from security teams. This week’s IT vulnerability report affects

React to this headline:

Loading spinner

IT Vulnerability Report: Fortinet, SonicWall, Grafana Exposures Top 1 Million Read More »

Ransomware hits web hosting servers via vulnerable CyberPanel instances

CVE, Don't miss, Hot stuff, LeakIX, Linux, News, Ransomware, security update, vulnerability, web hosting /

Ransomware hits web hosting servers via vulnerable CyberPanel instances 2024-10-30 at 16:19 By Zeljka Zorz A threat actor – or possibly several – has hit approximately 22,000 vulnerable instances of CyberPanel and encrypted files on the servers running it with the PSAUX and other ransomware. The PSAUX ransom note (Source: LeakIX) The CyberPanel vulnerabilities CyberPanel

React to this headline:

Loading spinner

Ransomware hits web hosting servers via vulnerable CyberPanel instances Read More »

New Vulnerabilities Identified in Philips Smart Lighting and Matrix Door Controller

CIVN-2024-0329, Matrix Door Controller, Philips, Philips Smart Lighting, vulnerability /

New Vulnerabilities Identified in Philips Smart Lighting and Matrix Door Controller 2024-10-28 at 17:19 By daksh sharma Overview The Indian Computer Emergency Response Team (CERT-In) has issued two critical vulnerability advisories related to Philips Smart Lighting products and the Matrix Door Controller. Both vulnerabilities are classified as high severity, signaling significant risks for users that

React to this headline:

Loading spinner

New Vulnerabilities Identified in Philips Smart Lighting and Matrix Door Controller Read More »

CISA Warns of Critical Vulnerabilities: CVE-2024-20481 and CVE-2024-37383 Require Immediate Attention

exploit, vulnerability /

CISA Warns of Critical Vulnerabilities: CVE-2024-20481 and CVE-2024-37383 Require Immediate Attention 2024-10-25 at 16:34 By rohansinhacyblecom Overview The Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent advisories regarding two vulnerabilities that pose substantial risks to organizations: CVE-2024-20481, a denial-of-service (DoS) vulnerability affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD), and CVE-2024-37383,

React to this headline:

Loading spinner

CISA Warns of Critical Vulnerabilities: CVE-2024-20481 and CVE-2024-37383 Require Immediate Attention Read More »

Exploited: Cisco, SharePoint, Chrome vulnerabilities

brute-force, Chrome, CISA, Cisco, Don't miss, enterprise, exploit, Hot stuff, Kaspersky, News, PoC, SharePoint, vulnerability /

Exploited: Cisco, SharePoint, Chrome vulnerabilities 2024-10-25 at 13:33 By Zeljka Zorz Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google’s Chrome browser (CVE-2024-4947). CVE-2024-20481 (Cisco ASA/FTD) In the past few days, Cisco has released fixes for a slew of vulnerabilities affecting the software powering its

React to this headline:

Loading spinner

Exploited: Cisco, SharePoint, Chrome vulnerabilities Read More »

CISA Flags Critical Vulnerability (CVE-2024-47575) in Fortinet’s FortiManager 

vulnerability /

CISA Flags Critical Vulnerability (CVE-2024-47575) in Fortinet’s FortiManager  2024-10-24 at 17:03 By Cyble Overview  The Cybersecurity and Infrastructure Security Agency (CISA) has added Fortinet’s FortiManager to its known Exploited Vulnerabilities (KEV) catalog, indicating a pressing need for organizations to address the associated risks.  The critical vulnerability identified as CVE-2024-47575 has been assigned a CVSS score

React to this headline:

Loading spinner

CISA Flags Critical Vulnerability (CVE-2024-47575) in Fortinet’s FortiManager  Read More »

Weekly Industrial Control System (ICS) Vulnerability Intelligence Report: New Flaws Affecting Siemens, Schneider Electric, and More 

vulnerability /

Weekly Industrial Control System (ICS) Vulnerability Intelligence Report: New Flaws Affecting Siemens, Schneider Electric, and More  2024-10-24 at 15:48 By Cyble Overview  Cyble Research & Intelligence Labs (CRIL) has shared new details about weekly industrial control systems (ICS) vulnerabilities. These vulnerabilities were issued by the Cybersecurity and Infrastructure Security Agency (CISA) from October 15 to

React to this headline:

Loading spinner

Weekly Industrial Control System (ICS) Vulnerability Intelligence Report: New Flaws Affecting Siemens, Schneider Electric, and More  Read More »

CISA Adds ScienceLogic SL1 Vulnerability to Known Exploited Vulnerabilities (KEV) Catalog

vulnerability /

CISA Adds ScienceLogic SL1 Vulnerability to Known Exploited Vulnerabilities (KEV) Catalog 2024-10-23 at 16:01 By daksh sharma Overview The Cybersecurity and Infrastructure Security Agency (CISA) recently added a vulnerability related to ScienceLogic SL1, previously known as EM7, to its Known Exploited Vulnerabilities (KEV) catalog.   The specific vulnerability in question, designated as CVE-2024-9537, has been

React to this headline:

Loading spinner

CISA Adds ScienceLogic SL1 Vulnerability to Known Exploited Vulnerabilities (KEV) Catalog Read More »

CISA Warns About New Microsoft SharePoint Vulnerability CVE-2024-38094: High Risks and Immediate Patching Needed

vulnerability /

CISA Warns About New Microsoft SharePoint Vulnerability CVE-2024-38094: High Risks and Immediate Patching Needed 2024-10-23 at 14:33 By daksh sharma Overview The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory regarding newly discovered vulnerabilities in Microsoft SharePoint, specifically addressing a deserialization vulnerability now included in CISA’s Known Exploited Vulnerability (KEV) catalog.  The

React to this headline:

Loading spinner

CISA Warns About New Microsoft SharePoint Vulnerability CVE-2024-38094: High Risks and Immediate Patching Needed Read More »

Scroll to Top