vulnerability

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) 2024-10-22 at 14:02 By Zeljka Zorz Broadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server, one of which hasn’t been fully addressed the first time and could allow attackers to achieve remote code execution. The vulnerabilities were privately reported by […]

React to this headline:

Loading spinner

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) Read More »

Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)

Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383) 2024-10-22 at 12:34 By Zeljka Zorz Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country, Positive Technologies (PT) analysts have discovered. The vulnerability was patched in May 2024, in Roundcube Webmail versions 1.5.7 and

React to this headline:

Loading spinner

Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383) Read More »

Splunk’s Latest Advisory: Addressing Multiple Vulnerabilities in Splunk Enterprise

Splunk’s Latest Advisory: Addressing Multiple Vulnerabilities in Splunk Enterprise 2024-10-21 at 15:33 By daksh sharma Overview Splunk has recently issued an advisory detailing multiple vulnerabilities discovered in its Splunk Enterprise software. The advisory categorize vulnerabilities into three primary classifications based on their CVSS base scores. In total, there are two vulnerabilities classified as High, with

React to this headline:

Loading spinner

Splunk’s Latest Advisory: Addressing Multiple Vulnerabilities in Splunk Enterprise Read More »

Weekly Industrial Control System (ICS) Intelligence Report: 54 New Vulnerabilities in Siemens, Rockwell Automation, and Delta Products

Weekly Industrial Control System (ICS) Intelligence Report: 54 New Vulnerabilities in Siemens, Rockwell Automation, and Delta Products 2024-10-21 at 14:18 By daksh sharma Overview Cyble Research & Intelligence Labs (CRIL) has released its latest Weekly Industrial Control System (ICS) Vulnerability Intelligence Report, sharing multiple vulnerabilities observed by the Cybersecurity and Infrastructure Security Agency (CISA) between

React to this headline:

Loading spinner

Weekly Industrial Control System (ICS) Intelligence Report: 54 New Vulnerabilities in Siemens, Rockwell Automation, and Delta Products Read More »

Weekly Industrial Control System (ICS) Intelligence Report: 54 New Vulnerabilities in Siemens, Rockwell Automation, and Delta Products

Weekly Industrial Control System (ICS) Intelligence Report: 54 New Vulnerabilities in Siemens, Rockwell Automation, and Delta Products 2024-10-21 at 13:56 By daksh sharma Overview Cyble Research & Intelligence Labs (CRIL) has released its latest Weekly Industrial Control System (ICS) Vulnerability Intelligence Report, sharing multiple vulnerabilities observed by the Cybersecurity and Infrastructure Security Agency (CISA) between

React to this headline:

Loading spinner

Weekly Industrial Control System (ICS) Intelligence Report: 54 New Vulnerabilities in Siemens, Rockwell Automation, and Delta Products Read More »

SolarWinds Releases Patches for High-Severity Vulnerabilities

SolarWinds Releases Patches for High-Severity Vulnerabilities 2024-10-17 at 16:46 By daksh sharma Overview SolarWinds has issued an important security update advisory outlining the latest vulnerability patches released for its products. This advisory provides insights into recently disclosed vulnerabilities affecting the SolarWinds range and emphasizes the need for organizations to take immediate action to protect their

React to this headline:

Loading spinner

SolarWinds Releases Patches for High-Severity Vulnerabilities Read More »

GitHub Releases Security Advisory on Critical Vulnerability in Self-Hosted Environments

GitHub Releases Security Advisory on Critical Vulnerability in Self-Hosted Environments 2024-10-17 at 14:31 By daksh sharma Overview GitHub has issued a security advisory regarding critical vulnerabilities that require immediate attention from users of the GitHub Enterprise Server (GHES). This advisory highlights a specific vulnerability that could severely compromise organizations’ security relying on this self-hosted version

React to this headline:

Loading spinner

GitHub Releases Security Advisory on Critical Vulnerability in Self-Hosted Environments Read More »

CISA Issues Urgent Advisory on Vulnerabilities Affecting Multiple Products

CISA Issues Urgent Advisory on Vulnerabilities Affecting Multiple Products 2024-10-16 at 14:14 By daksh sharma Overview The Cybersecurity and Infrastructure Security Agency (CISA) has released a critical advisory report highlighting vulnerabilities recently added to the Known Exploited Vulnerability (KEV) catalog. These vulnerabilities pose risks to organizations and require immediate attention. CISA categorizes vulnerabilities based on

React to this headline:

Loading spinner

CISA Issues Urgent Advisory on Vulnerabilities Affecting Multiple Products Read More »

Active Exploitation of SAML Vulnerability CVE-2024-45409 Detected by Cyble Sensors

Active Exploitation of SAML Vulnerability CVE-2024-45409 Detected by Cyble Sensors 2024-10-15 at 15:16 By rohansinhacyblecom Overview On September 10, 2024, a critical vulnerability, CVE-2024-45409, was identified by ahacker1 of SecureSAML. The vulnerability was then patched in the Ruby-SAML library, which is widely used for implementing SAML (Security Assertion Markup Language) authorization. This flaw affects Ruby-SAML

React to this headline:

Loading spinner

Active Exploitation of SAML Vulnerability CVE-2024-45409 Detected by Cyble Sensors Read More »

87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113)

87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) 2024-10-15 at 14:49 By Zeljka Zorz Last week, CISA added CVE-2024-23113 – a critical vulnerability that allows unauthenticated remote code/command execution on unpatched Fortinet FortiGate firewalls – to its Known Exploited Vulnerabilities catalog, thus confirming that it’s being leveraged by attackers in the

React to this headline:

Loading spinner

87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) Read More »

Weekly IT Vulnerability Report: Cyble Urges Fixes for Ivanti, Microsoft Dark Web Exploits

Weekly IT Vulnerability Report: Cyble Urges Fixes for Ivanti, Microsoft Dark Web Exploits 2024-10-15 at 12:52 By daksh sharma Key Takeaways Overview Cyble Research and Intelligence Labs (CRIL) investigated 22 vulnerabilities during the week of Oct. 2-8 and identified six products that security teams should prioritize for patching and mitigation. Additionally, Cyble researchers detected 14

React to this headline:

Loading spinner

Weekly IT Vulnerability Report: Cyble Urges Fixes for Ivanti, Microsoft Dark Web Exploits Read More »

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) 2024-10-10 at 15:31 By Zeljka Zorz Mozilla has pushed out an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) that is being exploited in the wild. About CVE-2024-9680 Reported by ESET malware researcher Damien Schaeffer, CVE-2024-9680 is a use-after-free vulnerability in

React to this headline:

Loading spinner

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) Read More »

Cyble Urges ICS Vulnerability Fixes for TEM, Mitsubishi, and Delta Electronics

Cyble Urges ICS Vulnerability Fixes for TEM, Mitsubishi, and Delta Electronics 2024-10-10 at 15:18 By dakshsharma16 Key Takeaways Overview Cyble researchers have identified vulnerabilities in three products used in critical infrastructure environments that merit high-priority attention from security teams. Cyble’s weekly industrial control system/operational technology (ICS/OT) vulnerability report for Oct. 1-7 investigated 10 vulnerabilities in

React to this headline:

Loading spinner

Cyble Urges ICS Vulnerability Fixes for TEM, Mitsubishi, and Delta Electronics Read More »

OEMs Are Urged to Address Vulnerabilities in Device Communication

OEMs Are Urged to Address Vulnerabilities in Device Communication 2024-10-09 at 17:31 By dakshsharma16 Overview Qualcomm has shared its October 2024 Security Bulletin, highlighting multiple vulnerabilities. Google’s Threat Analysis Group has also denoted the exploitation of a critical vulnerability, CVE-2024-43047, in targeted attacks. The vulnerability revolves around the FASTRPC driver, which plays an important role

React to this headline:

Loading spinner

OEMs Are Urged to Address Vulnerabilities in Device Communication Read More »

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) 2024-10-09 at 15:49 By Zeljka Zorz If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security researchers have published an analysis of CVE-2024-45409 and an exploit script that may help attackers gain

React to this headline:

Loading spinner

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) Read More »

Security Updates for Adobe FrameMaker: Addressing Critical Vulnerabilities

Security Updates for Adobe FrameMaker: Addressing Critical Vulnerabilities 2024-10-09 at 14:02 By dakshsharma16 Overview Adobe has released new updates across several of its products, including Adobe FrameMaker, Adobe Substance 3D Printer, Adobe Commerce and Magento Open Source, Adobe Dimension, Adobe Animate, Adobe Lightroom, Adobe InCopy, Adobe InDesign, and Adobe Substance 3D Stager. The primary reason

React to this headline:

Loading spinner

Security Updates for Adobe FrameMaker: Addressing Critical Vulnerabilities Read More »

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) 2024-10-08 at 22:49 By Zeljka Zorz For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug affecting the Windows MSHTML Platform, and CVE-2024-43572, a remote code execution flaw in the Microsoft Management Console

React to this headline:

Loading spinner

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) Read More »

Qualcomm zero-day under targeted exploitation (CVE-2024-43047)

Qualcomm zero-day under targeted exploitation (CVE-2024-43047) 2024-10-08 at 15:31 By Zeljka Zorz An actively exploited zero-day vulnerability (CVE-2024-43047) affecting dozens of Qualcomm’s chipsets has been patched by the American semiconductor giant. About CVE-2024-43047 On Monday, Qualcomm has confirmed patches for 20 vulnerabilities affecting both proprietary and open source software running on its various chipsets. Among

React to this headline:

Loading spinner

Qualcomm zero-day under targeted exploitation (CVE-2024-43047) Read More »

Cyble Honeypot Sensors Detect D-Link, Cisco, QNAP and Linux Attacks

Cyble Honeypot Sensors Detect D-Link, Cisco, QNAP and Linux Attacks 2024-10-08 at 13:49 By dakshsharma16 Key Takeaways Overview Cyble’s Vulnerability Intelligence unit last week detected numerous exploit attempts, malware intrusions, phishing campaigns, and brute-force attacks via its network of Honeypot sensors. In the week of Sept. 25-Oct. 1, Cyble researchers identified several recent active exploits, including new attacks against a number of

React to this headline:

Loading spinner

Cyble Honeypot Sensors Detect D-Link, Cisco, QNAP and Linux Attacks Read More »

CISA Flags Multiple Critical Vulnerabilities Exposed Across Major Platforms

CISA Flags Multiple Critical Vulnerabilities Exposed Across Major Platforms 2024-10-08 at 09:17 By dakshsharma16 The Cybersecurity and Infrastructure Security Agency (CISA) has added multiple vulnerabilities to its known Exploited Vulnerabilities (KEV) catalog. A total of six vulnerabilities have been identified across various products, including Zimbra Collaboration, Ivanti, D-Link, DrayTek, GPAC, and SAP. Notably, these vulnerabilities

React to this headline:

Loading spinner

CISA Flags Multiple Critical Vulnerabilities Exposed Across Major Platforms Read More »

Scroll to Top