Security researchers at Horizon3 have disclosed a Proof-of-Concept (PoC) exploit for a critical vulnerability in Fortinet’s FortiClient EMS, which is currently being actively exploited by hackers. The SQL injection vulnerability, CVE-2023-48788 (with a CVSS...
Annually in August, thousands of cybersecurity professionals gather in Las Vegas for an event often dubbed the “hackers’ summer camp.” This period marks the convening of two of the largest information security conferences: Black...
Researchers have uncovered a grave vulnerability within the microarchitecture of Apple’s M-series chips, enabling malefactors to extract secret keys from Mac devices, encompassing both computers and laptops. The crux of the issue lies in...
Ivanti has issued a warning regarding a critical vulnerability in its Standalone Sentry product, which allows attackers to remotely execute arbitrary commands. Designated as CVE-2023-41724, this vulnerability has been rated at 9.6 on the...
In a recent report titled “The State of API Security in 2024” by Imperva, it was revealed that the majority of internet traffic, approximately 70%, is attributed to API calls. In 2023, an average...
Specialists at Check Point Research have uncovered a method of attacking Ethereum blockchain wallets via the CREATE2 function, which enables cybercriminals to circumvent standard security measures and gain unauthorized access to users’ funds. The...
The finale of the North American division of the esteemed eSports discipline Apex Legends was abruptly suspended due to a breach of “competitive integrity.” A nefarious individual managed to infiltrate the computers of professional...
Security experts have recently disclosed a high-severity vulnerability in Kubernetes that, under certain conditions, could allow an attacker to remotely execute code with elevated privileges. “The vulnerability allows remote code execution with SYSTEM privileges on...
Fortinet has released an update to rectify a critical vulnerability in the FortiClient Enterprise Management Server (EMS) software, which allowed attackers to remotely execute code on susceptible servers. FortiClient EMS provides administrators with tools...
In mid-January, security researchers identified a significant campaign distributing the malicious software DarkGate, exploiting a recently patched Microsoft Windows security vulnerability in a zero-day fashion, that is, before its correction. According to Trend Micro,...
A new threat, codenamed GhostRace (CVE-2024-2193), has been identified by research teams from the Vrije Universiteit Amsterdam and IBM Research Europe. This vulnerability compromises the foundational security tools of operating systems and may result...
The team behind GrapheneOS, which is dedicated to developing a secure iteration of the Android Open Source Project (AOSP), identified a flaw within the Bluetooth stack of Android 14 that could lead to remote...
Intel has updated the microcode for its processors to address five security vulnerabilities and has also integrated new code into the Linux kernel to mitigate the effects of a new vulnerability (CVE-2023-28746) related to...
Over the last three weeks, more than 3,900 WordPress sites have been targeted in a new malicious campaign aimed at exploiting a vulnerability in the Popup Builder plugin to inject harmful JavaScript content into...
In the realm of cybersecurity, a critical vulnerability has been discovered affecting Progress Software products, specifically the OpenEdge Authentication Gateway and AdminServer. This flaw poses a significant threat to authentication mechanisms, potentially allowing malefactors...
A new study by the University of Chicago has uncovered a vulnerability within the Meta Quest VR system that allows malefactors to hijack user devices, pilfer confidential information, and manipulate social interactions using generative...
