Critical Vulnerability in Tinyproxy Instances
Tinyproxy has released security fixes addressing a critical vulnerability (CVE-2023-49606) in their internet-exposed instances. The vulnerability has a Common Vulnerability...
News
US-CERT Vulnerability Summary for the Week of April 29, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Active Exploitation of Critical Vulnerability in WordPress Automatic Plugin
ValvePress has released security updates to address a critical vulnerability (CVE-2024-27956) impacting WordPress Automatic plugin. This vulnerability has a Common...
High-Severity Vulnerability in R Programming Language
R Project has released updates addressing a high-severity vulnerability (CVE-2024-27322) affecting the R programming language. This vulnerability has a Common...
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite...
GitLab Multiple Vulnerabilities
Multiple vulnerabilities were identified in GitLab. A remote attacker could exploit some of these vulnerabilities to trigger data manipulation, elevation of...
Microsoft Monthly Security Update (April 2024)
Microsoft has released monthly security update for their products: Vulnerable ProductRisk LevelImpactsNotesBrowser Low RiskSpoofing Windows High RiskSecurity Restriction Bypass Remote Code Execution...
Key Insights from the 2024 Data Breach Investigations Report
The 2024 Data Breach Investigations Report (DBIR) presents an extensive analysis of the current state of cybersecurity, documenting over 30,458...
Smart devices: new law helps citizens to choose secure products
Smart devices: new law helps citizens to choose secure products From 29 April 2024, manufacturers of consumer ‘smart’ devices must...
US-CERT Vulnerability Summary for the Week of April 22, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Active Exploitation of Vulnerabilities in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Products.
Cisco has disclosed three vulnerabilities (CVE-2024-20353, CVE-2024-20359 and CVE-2024-20358) in their Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products....
Cisco Products Multiple Vulnerabilities
Multiple vulnerabilities were identified in Cisco Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code...
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials
Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM)...
US-CERT Vulnerability Summary for the Week of April 15, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
Palo Alto Products Remote Code Execution Vulnerability
A vulnerability has been identified in Palo Alto Products. A remote attacker can exploit this vulnerability to trigger remote code execution on...
Cryptographic Vulnerability in PuTTY
The PuTTy Project has released a security update to address a cryptographic vulnerability (CVE-2024-31497) in PuTTY.Successful exploitation of this vulnerability...
Cyber Assessment Framework 3.2
Cyber Assessment Framework 3.2 In the two years since the last version of the NCSC Cyber Assessment Framework (CAF) was...
Palo Alto Products Remote Code Execution Vulnerability
A vulnerability has been identified in Palo Alto Products. A remote attacker can exploit this vulnerability to trigger remote code execution on...
Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters
Attackers are constantly seeking new vulnerabilities to compromise Kubernetes environments. Microsoft recently uncovered an attack that exploits new critical vulnerabilities...
Palo Alto Products Remote Code Execution Vulnerability
A vulnerability has been identified in Palo Alto Products. A remote attacker can exploit this vulnerability to trigger remote code execution on...
Critical Vulnerabilities in Ivanti Avalanche
Ivanti has released security updates addressing two critical vulnerabilities (CVE-2024-24996 and CVE-2024-29204) in their Avalanche mobile device management (MDM) products...
Palo Alto Products Remote Code Execution Vulnerability
A vulnerability has been identified in Palo Alto Products. A remote attacker can exploit this vulnerability to trigger remote code execution on...
Oracle Products Multiple Vulnerabilities
Multiple vulnerabilities were identified in Oracle Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service...
US-CERT Vulnerability Summary for the Week of April 8, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and...
