vulnerability

CISA Warns About New Microsoft SharePoint Vulnerability CVE-2024-38094: High Risks and Immediate Patching Needed

vulnerability /

CISA Warns About New Microsoft SharePoint Vulnerability CVE-2024-38094: High Risks and Immediate Patching Needed 2024-10-23 at 14:33 By daksh sharma Overview The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory regarding newly discovered vulnerabilities in Microsoft SharePoint, specifically addressing a deserialization vulnerability now included in CISA’s Known Exploited Vulnerability (KEV) catalog.  The […]

React to this headline:

Loading spinner

CISA Warns About New Microsoft SharePoint Vulnerability CVE-2024-38094: High Risks and Immediate Patching Needed Read More »

Bitdefender Total Security Vulnerabilities: Recent Patches and Recommendations

Bitdefender, vulnerability /

Bitdefender Total Security Vulnerabilities: Recent Patches and Recommendations 2024-10-22 at 16:16 By daksh sharma Overview Bitdefender has issued a security advisory detailing critical vulnerabilities within its flagship products, Bitdefender Total Security and SafePay. These vulnerabilities pose significant risks to users and require urgent patching.  Bitdefender Total Security serves as a cybersecurity solution designed to protect

React to this headline:

Loading spinner

Bitdefender Total Security Vulnerabilities: Recent Patches and Recommendations Read More »

Cyble Sensors Detect Attacks on Java Framework, IoT Devices

vulnerability /

Cyble Sensors Detect Attacks on Java Framework, IoT Devices 2024-10-22 at 15:40 By daksh sharma Overview Cyble’s weekly sensor intelligence report detailed more than 30 active attack campaigns against known vulnerabilities. New attacks were observed against a vulnerability in the Spring Java framework, and more than 400,000 attacks were observed exploiting a known IoT vulnerability.

React to this headline:

Loading spinner

Cyble Sensors Detect Attacks on Java Framework, IoT Devices Read More »

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)

Broadcom, CVE, Don't miss, Hot stuff, News, security update, virtualization, VMWare, vulnerability /

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) 2024-10-22 at 14:02 By Zeljka Zorz Broadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server, one of which hasn’t been fully addressed the first time and could allow attackers to achieve remote code execution. The vulnerabilities were privately reported by

React to this headline:

Loading spinner

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) Read More »

Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)

CVE, Don't miss, exploit, Hot stuff, News, Positive Technologies, Roundcube, vulnerability /

Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383) 2024-10-22 at 12:34 By Zeljka Zorz Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country, Positive Technologies (PT) analysts have discovered. The vulnerability was patched in May 2024, in Roundcube Webmail versions 1.5.7 and

React to this headline:

Loading spinner

Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383) Read More »

Splunk’s Latest Advisory: Addressing Multiple Vulnerabilities in Splunk Enterprise

vulnerability /

Splunk’s Latest Advisory: Addressing Multiple Vulnerabilities in Splunk Enterprise 2024-10-21 at 15:33 By daksh sharma Overview Splunk has recently issued an advisory detailing multiple vulnerabilities discovered in its Splunk Enterprise software. The advisory categorize vulnerabilities into three primary classifications based on their CVSS base scores. In total, there are two vulnerabilities classified as High, with

React to this headline:

Loading spinner

Splunk’s Latest Advisory: Addressing Multiple Vulnerabilities in Splunk Enterprise Read More »

Weekly Industrial Control System (ICS) Intelligence Report: 54 New Vulnerabilities in Siemens, Rockwell Automation, and Delta Products

Delta products, Rockwell Automation, Siemens, vulnerability /

Weekly Industrial Control System (ICS) Intelligence Report: 54 New Vulnerabilities in Siemens, Rockwell Automation, and Delta Products 2024-10-21 at 14:18 By daksh sharma Overview Cyble Research & Intelligence Labs (CRIL) has released its latest Weekly Industrial Control System (ICS) Vulnerability Intelligence Report, sharing multiple vulnerabilities observed by the Cybersecurity and Infrastructure Security Agency (CISA) between

React to this headline:

Loading spinner

Weekly Industrial Control System (ICS) Intelligence Report: 54 New Vulnerabilities in Siemens, Rockwell Automation, and Delta Products Read More »

Weekly Industrial Control System (ICS) Intelligence Report: 54 New Vulnerabilities in Siemens, Rockwell Automation, and Delta Products

Delta products, Rockwell Automation, Siemens, vulnerability /

Weekly Industrial Control System (ICS) Intelligence Report: 54 New Vulnerabilities in Siemens, Rockwell Automation, and Delta Products 2024-10-21 at 13:56 By daksh sharma Overview Cyble Research & Intelligence Labs (CRIL) has released its latest Weekly Industrial Control System (ICS) Vulnerability Intelligence Report, sharing multiple vulnerabilities observed by the Cybersecurity and Infrastructure Security Agency (CISA) between

React to this headline:

Loading spinner

Weekly Industrial Control System (ICS) Intelligence Report: 54 New Vulnerabilities in Siemens, Rockwell Automation, and Delta Products Read More »

SolarWinds Releases Patches for High-Severity Vulnerabilities

SolarWinds, vulnerability /

SolarWinds Releases Patches for High-Severity Vulnerabilities 2024-10-17 at 16:46 By daksh sharma Overview SolarWinds has issued an important security update advisory outlining the latest vulnerability patches released for its products. This advisory provides insights into recently disclosed vulnerabilities affecting the SolarWinds range and emphasizes the need for organizations to take immediate action to protect their

React to this headline:

Loading spinner

SolarWinds Releases Patches for High-Severity Vulnerabilities Read More »

GitHub Releases Security Advisory on Critical Vulnerability in Self-Hosted Environments

GitHub, vulnerability /

GitHub Releases Security Advisory on Critical Vulnerability in Self-Hosted Environments 2024-10-17 at 14:31 By daksh sharma Overview GitHub has issued a security advisory regarding critical vulnerabilities that require immediate attention from users of the GitHub Enterprise Server (GHES). This advisory highlights a specific vulnerability that could severely compromise organizations’ security relying on this self-hosted version

React to this headline:

Loading spinner

GitHub Releases Security Advisory on Critical Vulnerability in Self-Hosted Environments Read More »

CISA Issues Urgent Advisory on Vulnerabilities Affecting Multiple Products

CISA, CVE-2024-28987, vulnerability /

CISA Issues Urgent Advisory on Vulnerabilities Affecting Multiple Products 2024-10-16 at 14:14 By daksh sharma Overview The Cybersecurity and Infrastructure Security Agency (CISA) has released a critical advisory report highlighting vulnerabilities recently added to the Known Exploited Vulnerability (KEV) catalog. These vulnerabilities pose risks to organizations and require immediate attention. CISA categorizes vulnerabilities based on

React to this headline:

Loading spinner

CISA Issues Urgent Advisory on Vulnerabilities Affecting Multiple Products Read More »

Active Exploitation of SAML Vulnerability CVE-2024-45409 Detected by Cyble Sensors

exploit, vulnerability /

Active Exploitation of SAML Vulnerability CVE-2024-45409 Detected by Cyble Sensors 2024-10-15 at 15:16 By rohansinhacyblecom Overview On September 10, 2024, a critical vulnerability, CVE-2024-45409, was identified by ahacker1 of SecureSAML. The vulnerability was then patched in the Ruby-SAML library, which is widely used for implementing SAML (Security Assertion Markup Language) authorization. This flaw affects Ruby-SAML

React to this headline:

Loading spinner

Active Exploitation of SAML Vulnerability CVE-2024-45409 Detected by Cyble Sensors Read More »

87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113)

CVE, Don't miss, enterprise, Fortinet, FortiOS, Hot stuff, News, Shadowserver, vulnerability, WatchTowr /

87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) 2024-10-15 at 14:49 By Zeljka Zorz Last week, CISA added CVE-2024-23113 – a critical vulnerability that allows unauthenticated remote code/command execution on unpatched Fortinet FortiGate firewalls – to its Known Exploited Vulnerabilities catalog, thus confirming that it’s being leveraged by attackers in the

React to this headline:

Loading spinner

87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) Read More »

Weekly IT Vulnerability Report: Cyble Urges Fixes for Ivanti, Microsoft Dark Web Exploits

Ivanti, Microsoft, Qualcomm, vulnerability, Zimbra /

Weekly IT Vulnerability Report: Cyble Urges Fixes for Ivanti, Microsoft Dark Web Exploits 2024-10-15 at 12:52 By daksh sharma Key Takeaways Overview Cyble Research and Intelligence Labs (CRIL) investigated 22 vulnerabilities during the week of Oct. 2-8 and identified six products that security teams should prioritize for patching and mitigation. Additionally, Cyble researchers detected 14

React to this headline:

Loading spinner

Weekly IT Vulnerability Report: Cyble Urges Fixes for Ivanti, Microsoft Dark Web Exploits Read More »

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)

CVE, Don't miss, ESET, Firefox, Hot stuff, News, security update, Tor, vulnerability /

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) 2024-10-10 at 15:31 By Zeljka Zorz Mozilla has pushed out an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) that is being exploited in the wild. About CVE-2024-9680 Reported by ESET malware researcher Damien Schaeffer, CVE-2024-9680 is a use-after-free vulnerability in

React to this headline:

Loading spinner

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) Read More »

Cyble Urges ICS Vulnerability Fixes for TEM, Mitsubishi, and Delta Electronics

Delta Electronics, Mitsubishi, TEM, vulnerability /

Cyble Urges ICS Vulnerability Fixes for TEM, Mitsubishi, and Delta Electronics 2024-10-10 at 15:18 By dakshsharma16 Key Takeaways Overview Cyble researchers have identified vulnerabilities in three products used in critical infrastructure environments that merit high-priority attention from security teams. Cyble’s weekly industrial control system/operational technology (ICS/OT) vulnerability report for Oct. 1-7 investigated 10 vulnerabilities in

React to this headline:

Loading spinner

Cyble Urges ICS Vulnerability Fixes for TEM, Mitsubishi, and Delta Electronics Read More »

OEMs Are Urged to Address Vulnerabilities in Device Communication

CVE-2024-43047, Google, Qualcomm, vulnerability /

OEMs Are Urged to Address Vulnerabilities in Device Communication 2024-10-09 at 17:31 By dakshsharma16 Overview Qualcomm has shared its October 2024 Security Bulletin, highlighting multiple vulnerabilities. Google’s Threat Analysis Group has also denoted the exploitation of a critical vulnerability, CVE-2024-43047, in targeted attacks. The vulnerability revolves around the FASTRPC driver, which plays an important role

React to this headline:

Loading spinner

OEMs Are Urged to Address Vulnerabilities in Device Communication Read More »

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)

authentication, Don't miss, exploit, GitLab, Hot stuff, News, PoC, ProjectDiscovery, security update, Synactiv, vulnerability /

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) 2024-10-09 at 15:49 By Zeljka Zorz If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security researchers have published an analysis of CVE-2024-45409 and an exploit script that may help attackers gain

React to this headline:

Loading spinner

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) Read More »

Security Updates for Adobe FrameMaker: Addressing Critical Vulnerabilities

Abode, Adobe Commerce, Adobe FrameMaker, vulnerability /

Security Updates for Adobe FrameMaker: Addressing Critical Vulnerabilities 2024-10-09 at 14:02 By dakshsharma16 Overview Adobe has released new updates across several of its products, including Adobe FrameMaker, Adobe Substance 3D Printer, Adobe Commerce and Magento Open Source, Adobe Dimension, Adobe Animate, Adobe Lightroom, Adobe InCopy, Adobe InDesign, and Adobe Substance 3D Stager. The primary reason

React to this headline:

Loading spinner

Security Updates for Adobe FrameMaker: Addressing Critical Vulnerabilities Read More »

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)

0-day, CVE, Don't miss, Hot stuff, Microsoft, NetSPI, News, Patch Tuesday, security update, Tenable, Trend Micro, vulnerability, Windows /

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) 2024-10-08 at 22:49 By Zeljka Zorz For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug affecting the Windows MSHTML Platform, and CVE-2024-43572, a remote code execution flaw in the Microsoft Management Console

React to this headline:

Loading spinner

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) Read More »

Scroll to Top