CVE-2021-3580
Summary: A flaw was found in the way nettle's RSA decryption functions handled specially crafted ciphertext. An attacker could use...
CVE-2020-28948
Summary: Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. Reference Links(if available):...
CVE-2020-28948
Summary: Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked. Reference Links(if available):...
CVE-2020-28949
Summary: Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such...
CVE-2020-36193
Summary: Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a...
Hackers attack Russian organizations through a new Microsoft Office vulnerability
Information security specialists from Kaspersky Lab reported that hackers are trying to attack Russian companies through a new vulnerability in...
Republican Governors Association Targeted in Microsoft Exchange Server Attacks
The Republican Governors Association was one of many U.S. organizations attacked in March when a nation-state group exploited vulnerabilities in...
Scammers Use ‘IT Support-Themed Email’ to Target Organizations
Cybersecurity researchers at Cofense Phishing Defense Center (PDC) have unearthed a new phishing campaign that uses 'information technology (IT) support-themed...
South Africa’s Department of Justice hit by a Ransomware Attack
South Africa's Justice Department was attacked earlier this month by a major ransomware attack and has been struggling since then...
A Look at the Triple Extortion Ransomware
Ransomware has traditionally concentrated on encryption, but one of the most common recent additions is the exfiltration and threatening disclosure...
BatchQL – GraphQL Security Auditing Script With A Focus On Performing Batch GraphQL Queries And Mutations
BatchQL is a GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations. This script is...
Concealed Position – Bring Your Own Print Driver Privilege Escalation Tool
Concealed Position is a local privilege escalation attack against Windows using the concept of "Bring Your Own Vulnerability". Specifically, Concealed...
Expert discloses details and PoC code for Netgear Seventh Inferno bug
A new critical vulnerability in Netgear smart switches can be exploited by an attacker to potentially execute malicious code and...
CVE-2021-26333 AMD Chipset Driver flaw allows obtaining sensitive data
Chipmaker AMD has addressed a vulnerability in PSP driver, tracked as CVE-2021-26333, that could allow an attacker to obtain sensitive...
Experts warn that Mirai Botnet starts exploiting OMIGOD flaw
The Mirai botnet starts exploiting the recently disclosed OMIGOD vulnerability to compromise vulnerable systems exposed online. Threat actors behind a...
CVE-2021-30858
Summary: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and...
CVE-2021-30860
Summary: An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS...
CVE-2021-30860
Summary: An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS...
CVE-2021-30860
Summary: An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS...
CVE-2021-33193
Summary: A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request...
CVE-2021-37576
Summary: arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host...
CVE-2021-40346
Summary: An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP...
Facebook’s own research reveals the harm that Instagram can inflict
For years, people have accused social media, and particularly image-driven sites like Instagram, of being bad for young people, particularly...
FBI and CISA warn of APT groups exploiting ADSelfService Plus
In a joint advisory the FBI, the United States Coast Guard Cyber Command (CGCYBER), and the Cybersecurity and Infrastructure Security...
