Talos researchers warn of a new threat actor that is hacking Microsoft Exchange servers by exploiting ProxyShell flaws to gain access to corporate and deploy the Babuk Ransomware. click here to read full Article...
Google announced that it will pay researchers to find exploits using vulnerabilities, over the next three months as part of a new bug bounty program to improve the security of the Linux kernel. click...
CISA has issued this year’s first binding operational directive (BOD) ordering federal civilian agencies to mitigate security vulnerabilities exploited in the wild within an aggressive timeline. click here to read full Article Read More...
Multiple vulnerabilities have been disclosed in Hitachi Vantara’s Pentaho Business Analytics software that could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the underlying host system...
After Internet Explorer, Magnitude Exploit Kit has been observed infecting Chromium-based browsers running on Windows OS in a series of attacks. It abuses two flaws: the first one is a remote code execution issue...
Researchers at Cider Security have uncovered a security loophole in GitHub Actions that allows adversaries to bypass the required reviews mechanism and push non-reviewed code to a protected branch, allowing it into the pipeline...
Multiple flaws have been disclosed in softphone software from Linphone and MicroSIP that could be exploited by an unauthenticated remote adversary to crash the client and even extract sensitive information by simply making a...
Apache, the open-source cross-platform web server software, rolled out patches to fix two security vulnerabilities that were being abused by criminals. While the first flaw can be exploited for RCE, the other moderate flaw...
These devices range from Software as a Medical Device, such as certain mobile phone applications, to implantable medical devices, such as pacemakers, the federal agency notes. click here to read full Article Read More...
A CISA advisory warned regarding multiple security vulnerabilities affecting all versions of Honeywell Experion PKS and ACE controllers that could enable remote code execution and denial-of-service. click here to read full Article Read more...
The proof-of-concept exploit code for three iOS zero-day vulnerabilities (and a fourth one patched in July) was published on GitHub after Apple delayed patching and failed to credit the researcher. click here to read...
Apple has released a security patch update for its range of devices in the wake of a vulnerability exploited by invasive spyware built by NSO Group. The first flaw, tracked as CVE-2021-30860, which is...
Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild. <!–adsense–> Tracked as CVE-2021-30632 and CVE-2021-30633, the vulnerabilities concern...
Apple has issued emergency security updates to address two critical vulnerabilities impacting its entire fleet of devices–news that rattled both the tech company and cybersecurity industry given the severity of the flaws. With more...
An examination by a researcher revealed security shortcomings that might be combined and abused to either bypass authentication mechanisms or used as part of phishing attacks. click here to read full Article Read more...
Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote...
