Discover how the 'Indirector' attack threatens Intel CPUs and learn about the 'TIKTAG' vulnerability in Arm processors.

What if there was a supply chain attack that could provide an attacker with direct access to core infrastructure within thousands of companies worldwide. What if that attack required no social engi…

A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines as any user.

Critical security flaw in Fortra FileCatalyst Workflow allows database tampering. Patch available.

Summary Eclypsium Automata, our automated binary analysis system, has identified a high impact vulnerability (CVE-2024-0762 with a reported CVSS of 7.5) in the Phoenix SecureCore UEFI firmware that runs on multiple families of Intel Core desktop and mobile processors. The issue involves an unsafe variable in the Trusted Platform Module (TPM) configuration that could lead […]

Hackers are exploiting a flaw in a premium Facebook module for PrestaShop named pkfacebook to deploy a card skimmer on vulnerable e-commerce sites and steal people's payment credit card details.

Critical Microsoft Outlook vulnerability, CVE-2024-30103, and step-by-step instructions to force an update to all your end points.

Arm discloses a critical vulnerability (CVE-2024-4610) in Mali GPU Kernel Drivers. This flaw, actively exploited, affects versions from r34p0 to r40p0

The Cardinal cybercrime group (Storm-1811, UNC4394), who are the main operators of the Black Basta ransomware, is suspected of exploiting a Windows privilege escalation vulnerability, CVE-2024-26169, before a fix was made available.

Today is Microsoft's June 2024 Patch Tuesday, which includes security updates for 51 flaws, eighteen remote code execution flaws, and one publicly disclosed zero-day vulnerability.
#Microsoft #Patch #Security #Tuesday #Update #Vulnerability #Windows

A previously discovered vulnerability affecting self-hosted Cisco Webex instances similarly affected the Webex cloud service.

NIST announced on Wednesday that it will be receiving outside help to get the National Vulnerability Database (NVD) back on track within the next few months.

The organization informed the cybersecurity community in February that it should expect delays in the analysis of Common Vulnerabilities and Exposures (CVE) identifiers in the NVD, saying that it was working to establish a consortium to improve the program.

Yes, the title is right. This blog covers an XML eXternal Entity (XXE) injection vulnerability that I found in SharePoint. The bug was recently patched by Microsoft. In general, XXE vulnerabilities are not very exciting in terms of discovery and related technical aspects. They may sometimes be fun t

Researchers have discovered several vulnerabilities in popular WordPress plugins that allow attackers to create rogue admin accounts.
#attacks #breach #computer #cyber #data #hack #hacker #hacking #how #information #malware #network #news #ransomware #security #software #the #to #today #updates #vulnerability

Our customers’ safety is our utmost priority. In order to protect our customers from any potential security threats, we’ve rolled out major bug-fix releases for several older versions of TeamCity (versions 2022.04 through 2023.11).

A couple months ago, my colleague Winston Ho and I chained a series of unfortunate bugs into a zero-interaction local privilege escalation in Zscaler Client Connector. This was an interesting journey into Windows RPC caller validation and bypassing several checks, including Authenticode verification. Check out the original Medium blogpost for Winston’s own ZSATrayManager Arbitrary File Deletion (CVE-2023-41969)!

The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code.

Infosec is, at it’s heart, all about that data. Obtaining access to it (or disrupting access to it) is in every ransomware gang and APT group’s top-10 to-do-list items, and so it makes sense that our research voyage would, at some point, cross paths with products intended to manage - and safeguard - this precious resource.

The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.

Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access.