Recently, GitHub rectified a vulnerability, CVE-2024-0200, in its Enterprise Server. This flaw, associated with Unsafe Reflection, permitted malefactors to execute remote code on unprotected servers. It granted access to the environment variables of production...
The development of artificial intelligence systems is gaining momentum. An increasing number of companies are turning to Graphics Processing Units (GPUs) for the essential computational power needed to operate large language models and swiftly...
Researchers from the French company Quarkslab have discovered a multitude of serious vulnerabilities in Tianocore EDK II, an open implementation of the UEFI specification, which could be exploited for remote code execution. Nine vulnerabilities,...
Citrix emphatically advises its users to promptly install patches on Netscaler ADC and Netscaler Gateway devices connected to the internet, to avert attacks associated with two newly exploited zero-day vulnerabilities. These security flaws, designated...
Cybersecurity firm Bishop Fox has discovered that over 178,000 of SonicWall next-generation firewalls (NGFW), with online accessible management interfaces, are vulnerable to Denial of Service (DoS) attacks and Remote Code Execution (RCE). The devices...
Earlier this month, we discussed the zero-day vulnerabilities in Ivanti products. A recent analysis by Mandiant revealed that attackers employed five distinct malware families in their assaults, including Zipline, Thinspool Dropper, Wirefire, Lightwire, and...
A recently discovered vulnerability in Windows SmartScreen is being actively exploited in attacks that lead to the infection with the new Phemedrone stealer, warns Trend Micro. The vulnerability, CVE-2023-36025, scored 8.8 on the CVSS...
Security researchers from Guardio Labs uncovered a significant oversight in Opera’s web browser for Windows and macOS, which allows cybercriminals to launch any file, including malicious ones, on the computer’s base operating system. The...
According to a report by SecurityScorecard’s STRIKE team, hackers from the Volt Typhoon group, linked to the Chinese government, have gained persistent access to Cisco RV320/325 routers, discontinued since 2019. The malefactors exploited two...
Bitdefender has identified a vulnerability in the popular Bosch BCC100 Wi-Fi thermostat model. This flaw permits cybercriminals to remotely manipulate device settings, including temperature, and install malicious software. Internet of Things (IoT) devices, ranging...
Specialists at VulnCheck have developed a Proof-of-Concept (PoC) code that exploits a recently discovered critical vulnerability in the Apache OFBiz Enterprise Resource Planning (ERP) system to execute malicious code in memory. The vulnerability, designated...
Cybersecurity researchers have identified a new type of attack that exploits weaknesses in the configuration of Apache’s Hadoop and Flink software, deploying cryptocurrency miners on target systems. “This attack is particularly intriguing due to...
At least five different types of malware have been employed by suspected state-sponsored hackers to gain access to company networks through Zero-Day vulnerabilities in Ivanti Connect Secure (ICS) VPN devices. These attacks have been...
The United States Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw affecting Microsoft SharePoint Server to its catalog of Known Exploited Vulnerabilities (KEV). This decision was based on evidence of...
Apple has released a firmware update for the Magic Keyboard to address a security vulnerability identified as CVE-2024-0230 (initially disclosed as CVE-2023-45866). This vulnerability allowed malicious actors to forge Bluetooth connections with the keyboard....
The National Cyber Security Centre of Finland (NCSC-FI) is issuing a warning about the increased activity of the Akira ransomware. According to the center, this past December witnessed hackers successfully carrying out six of...
