vulnerability

Protected: Active Exploitation of Atlassian Confluence RCE Vulnerability (CVE-2023-22527)

Annoucement, exploit, vulnerability /

Protected: Active Exploitation of Atlassian Confluence RCE Vulnerability (CVE-2023-22527) 2024-01-30 at 16:02 By neetha871ad236bd There is no excerpt because this is a protected post. The post Protected: Active Exploitation of Atlassian Confluence RCE Vulnerability (CVE-2023-22527) appeared first on Cyble. The post Protected: Active Exploitation of Atlassian Confluence RCE Vulnerability (CVE-2023-22527) appeared first on Cyble. This […]

React to this headline:

Loading spinner

Protected: Active Exploitation of Atlassian Confluence RCE Vulnerability (CVE-2023-22527) Read More »

Self-managed GitLab installations should be patched again (CVE-2024-0402)

DevOps, Don't miss, GitLab, Hot stuff, News, security update, software development, vulnerability /

Self-managed GitLab installations should be patched again (CVE-2024-0402) 2024-01-30 at 14:02 By Zeljka Zorz Less than two weeks after having plugged a security hole that allows account takeover without user interaction, GitLab Inc. has patched a critical vulnerability (CVE-2024-0402) in GitLab CE/EE again and is urging users to update their installations immediately. GitLab Inc. operates

React to this headline:

Loading spinner

Self-managed GitLab installations should be patched again (CVE-2024-0402) Read More »

Vulnerabilities in WatchGuard, Panda Security Products Lead to Code Execution

Vulnerabilities, vulnerability /

Vulnerabilities in WatchGuard, Panda Security Products Lead to Code Execution 2024-01-29 at 18:21 By Ionut Arghire Two memory safety vulnerabilities in WatchGuard and Panda Security products could lead to code execution with System privileges. The post Vulnerabilities in WatchGuard, Panda Security Products Lead to Code Execution appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Vulnerabilities in WatchGuard, Panda Security Products Lead to Code Execution Read More »

Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897)

Don't miss, exploit, Hot stuff, Jenkins, News, open source, PoC, security update, SonarSource, vulnerability /

Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897) 2024-01-29 at 13:31 By Helga Labus Several proof-of-concept (PoC) exploits for a recently patched critical vulnerability (CVE-2024-23897) in Jenkins has been made public and there’s evidence of exploitation in the wild. About CVE-2024-23897 Jenkins is a widely used Java-based open-source automation server that helps

React to this headline:

Loading spinner

Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897) Read More »

Critical Jenkins Vulnerability Leads to Remote Code Execution

Vulnerabilities, vulnerability /

Critical Jenkins Vulnerability Leads to Remote Code Execution 2024-01-26 at 14:02 By Ionut Arghire A critical vulnerability in Jenkins’ built-in CLI allows remote attackers to obtain cryptographic keys and execute arbitrary code. The post Critical Jenkins Vulnerability Leads to Remote Code Execution appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

Critical Jenkins Vulnerability Leads to Remote Code Execution Read More »

Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug

GitLab, Vulnerabilities, vulnerability /

Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug 2024-01-25 at 15:46 By Ionut Arghire Over 5,000 GitLab servers have yet to be patched against CVE-2023-7028, a critical password reset vulnerability. The post Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug Read More »

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)

Don't miss, enterprise, file-sharing, Fortra, Horizon3.ai, Hot stuff, News, PoC, Shodan, SMBs, Tenable, vulnerability /

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204) 2024-01-24 at 15:32 By Zeljka Zorz Proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere MFT solution has been made public, sparking fears that attackers may soon take advantage of it. Fortra’s GoAnywhere MFT is a web-based managed file transfer solution

React to this headline:

Loading spinner

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204) Read More »

Vulnerabilities in Lamassu Bitcoin ATMs Can Allow Hackers to Drain Wallets

ATM, Bitcoin, Vulnerabilities, vulnerability /

Vulnerabilities in Lamassu Bitcoin ATMs Can Allow Hackers to Drain Wallets 2024-01-23 at 20:46 By Ionut Arghire Hackers could exploit Lamassu Douro ATM vulnerabilities to take over devices, steal bitcoin from users. The post Vulnerabilities in Lamassu Bitcoin ATMs Can Allow Hackers to Drain Wallets appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Vulnerabilities in Lamassu Bitcoin ATMs Can Allow Hackers to Drain Wallets Read More »

Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure

Atlassian, Confluence, exploited, Featured, Vulnerabilities, vulnerability /

Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure 2024-01-22 at 18:16 By Eduard Kovacs The Atlassian Confluence vulnerability CVE-2023-22527 is being exploited in the wild just days after it was disclosed.  The post Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure Read More »

Attackers can steal NTLM password hashes via calendar invites

authentication, Don't miss, enterprise, Hot stuff, News, Outlook, passwords, SMBs, Varonis, vulnerability, Windows /

Attackers can steal NTLM password hashes via calendar invites 2024-01-22 at 15:46 By Zeljka Zorz A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two headers to an email carrying a specially crafted file, security researcher Dolev Taler has

React to this headline:

Loading spinner

Attackers can steal NTLM password hashes via calendar invites Read More »

Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082)

CISA, Don't miss, endpoint management, exploit, GreyNoise, Ivanti, News, Rapid7, vulnerability /

Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082) 2024-01-19 at 19:49 By Zeljka Zorz A previously patched critical vulnerability (CVE-2023-35082) affecting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core is being actively exploited, the Cybersecurity and Infrastructure Security Agency (CISA) has confirmed by adding the vulnerability to its Known Exploited Vulnerabilities

React to this headline:

Loading spinner

Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082) Read More »

Cyble Global Sensors pick up persistent exploitation of Ivanti Connect Secure Vulnerabilities

exploit, Malware, vulnerability /

Cyble Global Sensors pick up persistent exploitation of Ivanti Connect Secure Vulnerabilities 2024-01-19 at 16:18 By cybleinc Cyble Global Sensors pick up persistent exploitation of Ivanti Connect Secure Vulnerabilities Introduction Cyble Global Sensor Intelligence (CGSI) has detected the continuous exploitation of recently revealed vulnerabilities in Ivanti Connect Secure (ICS), previously known as Pulse Connect Secure

React to this headline:

Loading spinner

Cyble Global Sensors pick up persistent exploitation of Ivanti Connect Secure Vulnerabilities Read More »

Unpatched Rapid SCADA Vulnerabilities Expose Industrial Organizations to Attacks

ICS, ICS/OT, SCADA, Vulnerabilities, vulnerability /

Unpatched Rapid SCADA Vulnerabilities Expose Industrial Organizations to Attacks 2024-01-18 at 18:16 By Eduard Kovacs Seven vulnerabilities found in Rapid SCADA could be exploited to gain access to sensitive industrial systems, but they remain unpatched. The post Unpatched Rapid SCADA Vulnerabilities Expose Industrial Organizations to Attacks appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Unpatched Rapid SCADA Vulnerabilities Expose Industrial Organizations to Attacks Read More »

VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063)

Cloud, CSIRO, Don't miss, News, security update, VMWare, vulnerability /

VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063) 2024-01-18 at 12:16 By Zeljka Zorz A critical vulnerability (CVE-2023-34063) affecting VMware Aria Automation and VMware Cloud Foundation can be exploited by attackers to gain access to remote organizations and workflows, VMware has warned. The company is not aware of any “in the wild” exploitation of this

React to this headline:

Loading spinner

VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063) Read More »

GitHub Rotates Credentials in Response to Vulnerability

GitHub, Vulnerabilities, vulnerability /

GitHub Rotates Credentials in Response to Vulnerability 2024-01-17 at 15:31 By Ionut Arghire GitHub rotates credentials and releases patches after being alerted of a vulnerability affecting GitHub.com and GitHub Enterprise Server. The post GitHub Rotates Credentials in Response to Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Loading spinner

GitHub Rotates Credentials in Response to Vulnerability Read More »

Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527)

Atlassian, Atlassian Confluence, CVE, Don't miss, enterprise, Hot stuff, News, security update, vulnerability /

Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527) 2024-01-16 at 19:46 By Zeljka Zorz Atlassian has patched a critical vulnerability (CVE-2023-22527) in Confluence Data Center and Confluence Server that could lead to remote code execution. The good news is that the flaw was fixed in early December 2023 with the release of versions

React to this headline:

Loading spinner

Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527) Read More »

VMware Urges Customers to Patch Critical Aria Automation Vulnerability 

VMWare, Vulnerabilities, vulnerability /

VMware Urges Customers to Patch Critical Aria Automation Vulnerability  2024-01-16 at 16:16 By Eduard Kovacs Aria Automation is affected by a critical vulnerability that could be exploited to gain access to remote organizations and workflows. The post VMware Urges Customers to Patch Critical Aria Automation Vulnerability  appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

VMware Urges Customers to Patch Critical Aria Automation Vulnerability  Read More »

Remote Code Execution Vulnerability Found in Opera File Sharing Feature

Opera, Vulnerabilities, vulnerability /

Remote Code Execution Vulnerability Found in Opera File Sharing Feature 2024-01-16 at 16:16 By Ionut Arghire A vulnerability in Opera browser’s file sharing feature My Flow could be exploited for remote code execution. The post Remote Code Execution Vulnerability Found in Opera File Sharing Feature appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Remote Code Execution Vulnerability Found in Opera File Sharing Feature Read More »

GitLab Patches Critical Password Reset Vulnerability

GitLab, Vulnerabilities, vulnerability /

GitLab Patches Critical Password Reset Vulnerability 2024-01-15 at 13:46 By Ionut Arghire GitLab has resolved a critical authentication vulnerability allowing attackers to hijack password reset emails. The post GitLab Patches Critical Password Reset Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this headline:

React to this headline:

Loading spinner

GitLab Patches Critical Password Reset Vulnerability Read More »

Scroll to Top