vulnerability

Critical Bug in Cisco’s URWB Exposes Systems to Root Privilege Command Injection

2024-11-07 at 14:06, by daksh sharma. Overview: Cisco has disclosed a severe vulnerability, tracked as CVE-2024-20418, in its Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul (URWB) Access Points. The flaw, rated with a maximum CVSS score of 10.0, affects multiple Cisco Catalyst […]

Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418)

2024-11-07 at 11:33, by Zeljka Zorz. Cisco has fixed a critical command injection vulnerability (CVE-2024-20418) affecting its Ultra-Reliable Wireless Backhaul (URWB) Access Points that can be exploited via HTTP requests and allows complete compromise of the devices. There are no workarounds to address this

Critical Vulnerabilities in PTZ Cameras: CISA Adds New Exploits to Its Catalog

2024-11-05 at 15:04, by daksh sharma. The Cybersecurity and Infrastructure Security Agency (CISA) has recently added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, spotlighting security flaws in Pan-Tilt-Zoom (PTZ) cameras. The vulnerabilities, which affect specific PTZOptics camera models, pose a

Google patches actively exploited Android vulnerability (CVE-2024-43093)

2024-11-05 at 13:34, by Zeljka Zorz. Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: CVE-2024-43047, a flaw affecting Qualcomm chipsets, and CVE-2024-43093, a vulnerability in the Google Play framework. The exploited vulnerabilities (CVE-2024-43047, CVE-2024-43093): Qualcomm patched CVE-2024-43047 – a

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)

2024-11-04 at 16:04, by Zeljka Zorz. Synology has released fixes for an unauthenticated “zero-click” remote code execution flaw (CVE-2024-10443, aka RISK:STATION) affecting its popular DiskStation and BeeStation network attached storage (NAS) devices. About CVE-2024-10443: CVE-2024-10443 was discovered by Rick de Jager, a security researcher at

ICS Vulnerability Intelligence Report: Key Insights and Recommendations

2024-11-04 at 15:48, by daksh sharma. Overview: Cyble Research & Intelligence Labs (CRIL) has investigated key ICS vulnerabilities this week, providing critical insights issued by the Cybersecurity and Infrastructure Security Agency (CISA), focusing on multiple flaws in several ICS products. During this reporting period, CISA issued four

CISA Warns of Critical Vulnerabilities in Rockwell Automation’s FactoryTalk ThinManager

2024-11-04 at 12:33, by daksh sharma. Overview: The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about new vulnerabilities in Rockwell Automation FactoryTalk ThinManager. The alert, designated ICSA-24-305-01, outlines serious security risks that could affect users of the software. With a CVSS v4 score of

IT Vulnerability Report: Fortinet, SonicWall, Grafana Exposures Top 1 Million

2024-11-01 at 13:34, by Paul Shread. Overview: Cyble Research and Intelligence Labs (CRIL) researchers investigated 17 vulnerabilities and nine dark web exploits during the period of Oct. 23-29, and highlighted seven vulnerabilities that merit high-priority attention from security teams. This week’s IT vulnerability report affects

Ransomware hits web hosting servers via vulnerable CyberPanel instances

2024-10-30 at 16:19, by Zeljka Zorz. A threat actor – or possibly several – has hit approximately 22,000 vulnerable instances of CyberPanel and encrypted files on the servers running it with the PSAUX and other ransomware. [Image: The PSAUX ransom note (Source: LeakIX)] The CyberPanel vulnerabilities: CyberPanel

New Vulnerabilities Identified in Philips Smart Lighting and Matrix Door Controller

2024-10-28 at 17:19, by daksh sharma. Overview: The Indian Computer Emergency Response Team (CERT-In) has issued two critical vulnerability advisories related to Philips Smart Lighting products and the Matrix Door Controller. Both vulnerabilities are classified as high severity, signaling significant risks for users that

CISA Warns of Critical Vulnerabilities: CVE-2024-20481 and CVE-2024-37383 Require Immediate Attention

2024-10-25 at 16:34, by rohansinhacyblecom. Overview: The Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent advisories regarding two vulnerabilities that pose substantial risks to organizations: CVE-2024-20481, a denial-of-service (DoS) vulnerability affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD), and CVE-2024-37383,

Exploited: Cisco, SharePoint, Chrome vulnerabilities

2024-10-25 at 13:33, by Zeljka Zorz. Threat actors have been leveraging zero-day and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft SharePoint (CVE-2024-38094), and Google’s Chrome browser (CVE-2024-4947). CVE-2024-20481 (Cisco ASA/FTD): In the past few days, Cisco has released fixes for a slew of vulnerabilities affecting the software powering its

CISA Flags Critical Vulnerability (CVE-2024-47575) in Fortinet’s FortiManager 

2024-10-24 at 17:03, by Cyble. Overview: The Cybersecurity and Infrastructure Security Agency (CISA) has added Fortinet’s FortiManager to its Known Exploited Vulnerabilities (KEV) catalog, indicating a pressing need for organizations to address the associated risks. The critical vulnerability identified as CVE-2024-47575 has been assigned a CVSS score

Weekly Industrial Control System (ICS) Vulnerability Intelligence Report: New Flaws Affecting Siemens, Schneider Electric, and More 

2024-10-24 at 15:48, by Cyble. Overview: Cyble Research & Intelligence Labs (CRIL) has shared new details about weekly industrial control systems (ICS) vulnerabilities. These vulnerabilities were issued by the Cybersecurity and Infrastructure Security Agency (CISA) from October 15 to

CISA Adds ScienceLogic SL1 Vulnerability to Known Exploited Vulnerabilities (KEV) Catalog

2024-10-23 at 16:01, by daksh sharma. Overview: The Cybersecurity and Infrastructure Security Agency (CISA) recently added a vulnerability related to ScienceLogic SL1, previously known as EM7, to its Known Exploited Vulnerabilities (KEV) catalog. The specific vulnerability in question, designated as CVE-2024-9537, has been

CISA Warns About New Microsoft SharePoint Vulnerability CVE-2024-38094: High Risks and Immediate Patching Needed

2024-10-23 at 14:33, by daksh sharma. Overview: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory regarding newly discovered vulnerabilities in Microsoft SharePoint, specifically addressing a deserialization vulnerability now included in CISA’s Known Exploited Vulnerabilities (KEV) catalog. The

Bitdefender Total Security Vulnerabilities: Recent Patches and Recommendations

2024-10-22 at 16:16, by daksh sharma. Overview: Bitdefender has issued a security advisory detailing critical vulnerabilities within its flagship products, Bitdefender Total Security and SafePay. These vulnerabilities pose significant risks to users and require urgent patching. Bitdefender Total Security serves as a cybersecurity solution designed to protect

Cyble Sensors Detect Attacks on Java Framework, IoT Devices

2024-10-22 at 15:40, by daksh sharma. Overview: Cyble’s weekly sensor intelligence report detailed more than 30 active attack campaigns against known vulnerabilities. New attacks were observed against a vulnerability in the Spring Java framework, and more than 400,000 attacks were observed exploiting a known IoT vulnerability.

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)

2024-10-22 at 14:02, by Zeljka Zorz. Broadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server, one of which wasn’t fully addressed the first time and could allow attackers to achieve remote code execution. The vulnerabilities were privately reported by

Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)

2024-10-22 at 12:34, by Zeljka Zorz. Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country, Positive Technologies (PT) analysts have discovered. The vulnerability was patched in May 2024, in Roundcube Webmail versions 1.5.7 and
