vulnerability

Intel-powered computers affected by serious firmware flaw (CVE-2024-0762)

2024-06-21 at 14:31, by Zeljka Zorz

A vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI, which runs on various Intel processors, could be exploited locally to escalate privileges and run arbitrary code within the firmware during runtime. “This type of low-level exploitation is typical of firmware backdoors (e.g., […]


Hundreds of PC, Server Models Possibly Affected by Serious Phoenix UEFI Vulnerability

2024-06-20 at 16:46, by Eduard Kovacs

Hundreds of PC and server models may be affected by CVE-2024-0762, a privilege escalation and code execution flaw in Phoenix SecureCore UEFI firmware.


Atlassian Patches High-Severity Vulnerabilities in Confluence, Crucible, Jira

2024-06-20 at 14:01, by Ionut Arghire

Atlassian has released Confluence, Crucible, and Jira updates to address multiple high-severity vulnerabilities. (Source: SecurityWeek)


Chrome 126 Update Patches Vulnerability Exploited at Hacking Competition

2024-06-19 at 14:31, by Ionut Arghire

Google has released a Chrome 126 security update with six fixes, including four for externally reported high-severity flaws. (Source: SecurityWeek)


Rising exploitation in enterprise software: Key trends for CISOs

2024-06-19 at 06:01, by Help Net Security

Action1 researchers found an alarming increase in the total number of vulnerabilities across all enterprise software categories. “With the NVD’s delay in associating Common Vulnerabilities and Exposures (CVE) identifiers with CPE (Common Platform Enumeration) data, our report comes at


Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080)

2024-06-18 at 12:16, by Zeljka Zorz

VMware by Broadcom has fixed two critical vulnerabilities (CVE-2024-37079, CVE-2024-37080) affecting VMware vCenter Server and products that contain it: vSphere and Cloud Foundation. “A malicious actor with network access to vCenter Server may trigger these vulnerabilities by sending a specially


CVE-2024-4577: Ongoing Exploitation of a Critical PHP Vulnerability

2024-06-14 at 18:31, by Neetha

Overview: On May 7, 2024, Devcore Principal Security Researcher Orange Tsai discovered and reported a critical Remote Code Execution (RCE) vulnerability, CVE-2024-4577, to the PHP official team. This vulnerability stems from errors in character encoding conversions, particularly affecting the “Best Fit” feature


CVE-2024-4577: Ongoing Exploitation of Critical PHP Vulnerability 

2024-06-14 at 18:16, by Neetha

Overview: On May 7, 2024, Devcore Principal Security Researcher Orange Tsai discovered and reported a critical Remote Code Execution (RCE) vulnerability, CVE-2024-4577, to the PHP official team. This vulnerability stems from errors in character encoding conversions, particularly affecting the “Best Fit” feature on


Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE

2024-06-14 at 13:46, by Eduard Kovacs

Rockwell Automation has patched three high-severity vulnerabilities in its FactoryTalk View SE HMI software. (Source: SecurityWeek)


Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools

2024-06-14 at 10:01, by Ionut Arghire

Protect AI warns of a dozen critical vulnerabilities in open source AI/ML tools reported via its bug bounty program. (Source: SecurityWeek)


PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577)

2024-06-13 at 15:01, by Zeljka Zorz

An OS command injection vulnerability in Windows-based PHP (CVE-2024-4577) in CGI mode is being exploited by the TellYouThePass ransomware gang. Imperva says the attacks started on June 8, two days after the PHP development team pushed out fixes, and one


Chrome 126, Firefox 127 Patch High-Severity Vulnerabilities

2024-06-12 at 13:31, by Ionut Arghire

Google and Mozilla have released patches for 21 and 15 vulnerabilities in Chrome and Firefox, respectively. (Source: SecurityWeek)


Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051)

2024-06-11 at 15:46, by Zeljka Zorz

JetBrains has fixed a critical vulnerability (CVE-2024-37051) that could expose users of its integrated development environments (IDEs) to GitHub access token compromise.

About CVE-2024-37051: JetBrains offers IDEs for various programming languages. CVE-2024-37051 is a vulnerability in the


Critical PyTorch Vulnerability Can Lead to Sensitive AI Data Theft

2024-06-10 at 17:31, by Ionut Arghire

A critical vulnerability in the PyTorch distributed RPC framework could be exploited for remote code execution. (Source: SecurityWeek)


SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995)

2024-06-07 at 20:01, by Zeljka Zorz

SolarWinds has fixed a high-severity vulnerability (CVE-2024-28995) affecting its Serv-U managed file transfer (MFT) server solution, which could be exploited by unauthenticated attackers to access sensitive files on the host machine.

About CVE-2024-28995: Serv-U MFT Server is a widely used enterprise solution that


Zyxel patches critical flaws in EOL NAS devices

2024-06-06 at 14:46, by Zeljka Zorz

Zyxel has released patches for three critical vulnerabilities (CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974) affecting two network-attached storage (NAS) devices that have recently reached end-of-vulnerability-support.

About the vulnerabilities: The three vulnerabilities are: A command injection vulnerability in the CGI program that could allow


Vulnerability in Cisco Webex cloud service exposed government authorities, companies

2024-06-05 at 22:33, by Zeljka Zorz

The vulnerability that allowed a German journalist to discover links to video conference meetings held by Bundeswehr (the German armed forces) and the Social Democratic Party of Germany (SPD) via their self-hosted Cisco Webex instances similarly affected the Webex


PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)

2024-06-04 at 17:46, by Zeljka Zorz

Security researchers have published a proof-of-concept (PoC) exploit that chains together two vulnerabilities (CVE-2024-4358, CVE-2024-1800) to achieve unauthenticated remote code execution on Progress Telerik Report Servers. Telerik Report Server is a centralized enterprise platform for report creation, management, storage and


Details of Atlassian Confluence RCE Vulnerability Disclosed

2024-06-04 at 17:16, by Ionut Arghire

SonicWall has shared technical details on a recently addressed high-severity remote code execution flaw in Confluence. (Source: SecurityWeek)


Progress Patches Critical Vulnerability in Telerik Report Server

2024-06-04 at 15:46, by Ionut Arghire

A critical vulnerability in the Progress Telerik Report Server could allow unauthenticated attackers to access restricted functionality. (Source: SecurityWeek)
