Zero-Day Exploits Up 50% in 2023: Google Warns
In a recent report by Google’s cyber experts, it was revealed that the exploitation of zero-day vulnerabilities surged by 50% in 2023, reaching a total of 97 incidents, up from 62 in the previous...
Category: Vulnerability
Microsoft SharePoint Under Attack: CISA Issues Alert
The Cybersecurity and Infrastructure Security Agency (CISA) has expressed concern over the active exploitation of a vulnerability within the Microsoft SharePoint system, which allows malefactors to launch attacks via remote code execution (RCE). The...
UNC5174 Exploits Zero-Days: F5, Connectwise Hit
Mandiant specialists report that Chinese hackers, identified as UNC5174, are exploiting vulnerabilities in widely-used products to disseminate malicious software capable of installing additional backdoors on compromised Linux hosts. The attacks orchestrated by UNC5174 have...
Fortinet Vulnerability Exploited: Patch Now! PoC Published
Security researchers at Horizon3 have disclosed a Proof-of-Concept (PoC) exploit for a critical vulnerability in Fortinet’s FortiClient EMS, which is currently being actively exploited by hackers. The SQL injection vulnerability, CVE-2023-48788 (with a CVSS...
Unsafe Hotels? Millions of Rooms Vulnerable to Attack
Annually in August, thousands of cybersecurity professionals gather in Las Vegas for an event often dubbed the “hackers’ summer camp.” This period marks the convening of two of the largest information security conferences: Black...
“Unfixable” Apple Chip Issue: Secret Keys Vulnerable
Researchers have uncovered a grave vulnerability within the microarchitecture of Apple’s M-series chips, enabling malefactors to extract secret keys from Mac devices, encompassing both computers and laptops. The crux of the issue lies in...
Critical Ivanti Alert: Patch Standalone Sentry Now (CVE-2023-41724)
Ivanti has issued a warning regarding a critical vulnerability in its Standalone Sentry product, which allows attackers to remotely execute arbitrary commands. Designated as CVE-2023-41724, this vulnerability has been rated at 9.6 on the...
APIs Under Attack: $75 Billion Annual Cost
In a recent report titled “The State of API Security in 2024” by Imperva, it was revealed that the majority of internet traffic, approximately 70%, is attributed to API calls. In 2023, an average...
Ethereum Wallets Under Attack: CREATE2 Exploit Exposed
Specialists at Check Point Research have uncovered a method of attacking Ethereum blockchain wallets via the CREATE2 function, which enables cybercriminals to circumvent standard security measures and gain unauthorized access to users’ funds. The...
Apex Legends Finals Halted: Integrity Breach Rocks Tournament
The finale of the North American division of the esteemed eSports discipline Apex Legends was abruptly suspended due to a breach of “competitive integrity.” A nefarious individual managed to infiltrate the computers of professional...
CVE-2023-5528: Critical Kubernetes Exploit Grants Attackers SYSTEM Privileges
Security experts have recently disclosed a high-severity vulnerability in Kubernetes that, under certain conditions, could allow an attacker to remotely execute code with elevated privileges. “The vulnerability allows remote code execution with SYSTEM privileges on...
Critical Fortinet EMS Flaw Fixed: Update Now!
Fortinet has released an update to rectify a critical vulnerability in the FortiClient Enterprise Management Server (EMS) software, which allowed attackers to remotely execute code on susceptible servers. FortiClient EMS provides administrators with tools...
Zero-Day Attack: DarkGate Targets Windows CVE-2024-21412 Vulnerability
In mid-January, security researchers identified a significant campaign distributing the malicious software DarkGate, exploiting a recently patched Microsoft Windows security vulnerability in a zero-day fashion, that is, before its correction. According to Trend Micro,...
GhostRace: New Attack Bypasses OS Security
A new threat, codenamed GhostRace (CVE-2024-2193), has been identified by research teams from the Vrije Universiteit Amsterdam and IBM Research Europe. This vulnerability compromises the foundational security tools of operating systems and may result...
Critical Android 14 Flaw: Bluetooth Vulnerability Uncovered
The team behind GrapheneOS, which is dedicated to developing a secure iteration of the Android Open Source Project (AOSP), identified a flaw within the Bluetooth stack of Android 14 that could lead to remote...
Intel Shields Processors, Mitigates Register File Data Sampling Exploit
Intel has updated the microcode for its processors to address five security vulnerabilities and has also integrated new code into the Linux kernel to mitigate the effects of a new vulnerability (CVE-2023-28746) related to...
