Researchers from Leviathan Security have identified a severe security threat that impacts nearly all virtual private network (VPN) applications. Dubbed “TunnelVision,” and assigned the identifier CVE-2024-3661 (CVSS score of 7.6 out of 10), this...
Censys has disclosed details of a new cyber espionage campaign, ArcaneDoor, which is believed to be linked to China. The attacks reportedly began in July 2023, with the first incident detected in January 2024....
Over 50% of the 90,310 servers utilizing the Tinyproxy proxy tool are vulnerable due to a critical flaw, designated CVE-2023-49606, which has been rated 9.8 out of a possible 10 on the CVSS scale....
Recently, Aruba Networks, a subsidiary of Hewlett Packard Enterprise (HPE), disclosed information about ten vulnerabilities in its ArubaOS operating system, four of which are classified as critical. These vulnerabilities could potentially allow arbitrary code...
The cybersecurity firm Oversecured has uncovered vulnerabilities in Android applications from Xiaomi, affecting users globally. The investigation revealed 20 vulnerabilities associated with unauthorized access to system data, file theft, and leakage of phone and...
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have urged software developers to more proactively identify and remedy path traversal vulnerabilities before releasing products to the market. Such...
Microsoft has issued a warning to Android users about a new exploit dubbed “Dirty Stream,” which allows malicious applications to overwrite files in another application’s home directory, potentially leading to arbitrary code execution and...
Recently, cybersecurity experts at FortiGuard Labs discovered a previously unseen botnet network named Goldoon, targeting D-Link routers via the CVE-2015-2051 vulnerability, which has been known for nearly a decade. This vulnerability, rated nearly at...
A critical flaw in the GitLab system, which allows the interception and control of user accounts, was recently added to the CISA catalog of known exploitable vulnerabilities. This issue, identified as CVE-2023-7028 and rated...
Verizon’s annual Data Breach Investigations Report reveals a disturbing trend in cybersecurity: the use of vulnerabilities as an initial breach point has nearly tripled compared to last year, now accounting for 14% of all...
A critical vulnerability has been discovered in the R programming language, potentially exposing organizations using this popular open-source language to software supply chain attacks. The vulnerability, designated CVE-2024-27322, has been rated 8.8 out of...
In February, a high-profile cyberattack on Change Healthcare caused significant disruptions in the operations of US medical facilities. Andrew Witty, CEO of UnitedHealth Group (the parent company of Change Healthcare), revealed that the attack...
An international team of scientists, led by specialists from the University of California, San Diego, has identified a new type of attack targeting the branch prediction component at the microarchitectural level. The findings, which...
Over 1,400 internet-accessible CrushFTP servers are vulnerable to attacks exploiting the critical server vulnerability CVE-2024-4040. This flaw, whose active exploitation was previously reported at the beginning of the week, allows unauthorized attackers to access...
Cybercriminals have begun to exploit a critical vulnerability in the WP Automatic plugin for WordPress, enabling them to create accounts with administrative privileges and install backdoors for long-term access. Installed on over 30,000 sites,...
Security experts have identified a critical vulnerability in the Flowmon network performance monitoring tool from Progress Software, utilized by over 1,500 companies globally, including major organizations such as SEGA, KIA, and Volkswagen. The vulnerability...
