Google has issued an urgent security update for its Chrome browser to address a high-severity “out of bounds write” vulnerability in its V8 JavaScript engine, tracked as CVE-2024-4761. This vulnerability has been confirmed as...
Citrix has issued a warning to its clients regarding the need for manual mitigation of a vulnerability in the SSH client PuTTY, which could allow malicious actors to steal the SSH private key of...
Recent vulnerabilities in Ivanti Connect Secure devices have enabled attackers to deploy the Mirai botnet, according to security researchers from Juniper. These vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, are currently being actively exploited. The...
F5 has announced the rectification of two critical vulnerabilities in the BIG-IP Next Central Manager system, which could have been exploited to gain administrative access and create covert unauthorized accounts on managed devices. The...
In a swift response to a severe security threat, Google has rolled out emergency updates for Chrome after discovering a zero-day vulnerability that was being actively exploited. This security breach, known as CVE-2024-4671, concerns...
Kaspersky Lab has presented a review of changes in the cyber threat landscape for the first quarter of 2024, noting an increase in software vulnerabilities that underscores the importance of timely responses to new...
Researchers from Leviathan Security have identified a severe security threat that impacts nearly all virtual private network (VPN) applications. Dubbed “TunnelVision,” and assigned the identifier CVE-2024-3661 (CVSS score of 7.6 out of 10), this...
Censys has disclosed details of a new cyber espionage campaign, ArcaneDoor, which is believed to be linked to China. The attacks reportedly began in July 2023, with the first incident detected in January 2024....
Over 50% of the 90,310 servers utilizing the Tinyproxy proxy tool are vulnerable due to a critical flaw, designated CVE-2023-49606, which has been rated 9.8 out of a possible 10 on the CVSS scale....
Recently, Aruba Networks, a subsidiary of Hewlett Packard Enterprise (HPE), disclosed information about ten vulnerabilities in its ArubaOS operating system, four of which are classified as critical. These vulnerabilities could potentially allow arbitrary code...
The cybersecurity firm Oversecured has uncovered vulnerabilities in Android applications from Xiaomi, affecting users globally. The investigation revealed 20 vulnerabilities associated with unauthorized access to system data, file theft, and leakage of phone and...
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have urged software developers to more proactively identify and remedy path traversal vulnerabilities before releasing products to the market. Such...
Microsoft has issued a warning to Android users about a new exploit dubbed “Dirty Stream,” which allows malicious applications to overwrite files in another application’s home directory, potentially leading to arbitrary code execution and...
Recently, cybersecurity experts at FortiGuard Labs discovered a previously unseen botnet network named Goldoon, targeting D-Link routers via the CVE-2015-2051 vulnerability, which has been known for nearly a decade. This vulnerability, rated nearly at...
A critical flaw in the GitLab system, which allows the interception and control of user accounts, was recently added to the CISA catalog of known exploitable vulnerabilities. This issue, identified as CVE-2023-7028 and rated...
Verizon’s annual Data Breach Investigations Report reveals a disturbing trend in cybersecurity: the use of vulnerabilities as an initial breach point has nearly tripled compared to last year, now accounting for 14% of all...
