Adobe has released a crucial security update that rectifies six vulnerabilities in its Substance 3D Stager product. If exploited successfully, these vulnerabilities could lead to memory leaks and arbitrary code execution. Substance 3D Stager...
Researchers at Nozomi Networks have identified 23 vulnerabilities in the widely used Bosch Rexroth Nutrunner NXA015S-36V-B. These high-precision tools are employed in factories and plants globally for fastening in the manufacturing and maintenance of...
SonicWall has recorded thousands of daily attempts to exploit zero-day vulnerabilities in Apache OFBiz over nearly two weeks. The flaw was first publicized on December 26, leading to a significant increase in exploitation attempts....
Researchers have calculated that nearly 11 million SSH servers on the internet are vulnerable to Terrapin attacks, which allow data manipulation during the handshake process, ultimately compromising the integrity of the SSH channel when...
The ShadowServer platform daily uncovers hundreds of IP addresses scanning or attempting to exploit Apache RocketMQ services vulnerable to Remote Code Execution (RCE), identified as CVE-2023-33246 and CVE-2023-37582. Both vulnerabilities are critical and pertain...
QNAP Systems published security advisories for 15 vulnerabilities, each posing a unique challenge to the integrity of their systems. From OS command injections to SQL injections, each flaw uncovered in their operating systems and...
Cybernews specialists identified two BMW subdomains vulnerable to an exploit allowing malicious actors to redirect users to harmful websites. This vulnerability, named SAP Redirect, affected SAP NetWeaver Application Server Java web servers, enabling the...
The cybersecurity firm Security Joes has identified a new variant of the DLL search order hijacking method, which could be exploited by malevolent actors to circumvent protective mechanisms and execute malicious code on systems...
According to a report presented by CloudSEK, a new hacking method enables hackers to exploit the OAuth 2.0 authorization protocol functionality to compromise Google accounts. This technique maintains valid sessions by regenerating cookie files,...
In June this year, cybersecurity firm Kaspersky released a public report stating that iPhones used by some of its employees were compromised. The attackers employed multiple sophisticated zero-click vulnerabilities, infecting iPhones and achieving persistent...
Apache OFBiz offers a comprehensive suite of tools for ERP, CRM, E-Commerce, and more. Hailed for its open-source nature and part of the esteemed Apache Software Foundation, OFBiz has been a top choice for...
A new zero-day vulnerability in Barracuda Networks’ Email Security Gateway (ESG) has been disclosed. The vulnerability, identified as CVE-2023-7102, stems from the open-source third-party library, Spreadsheet::ParseExcel, used in ESG’s malware protection features. This issue...
In the complex domain of cybersecurity, the emergence of RetSpill marks a significant shift in the landscape of Linux kernel exploitation. This ingenious technique exploits the kernel’s design to escalate privileges, bypassing multiple layers...
In the ever-evolving landscape of cybersecurity, a new attack technique named “SMTP Smuggling” has emerged, posing a significant threat to the integrity of email communications. Discovered by Timo Longin, in collaboration with SEC Consult,...
In the realm of Linux and UNIX operating systems, the “sudo” command is a cornerstone of system administration, allowing users to execute commands with superuser privileges. However, the discovery of CVE-2023-7090 has cast a...
Deepin Linux has long been celebrated for its aesthetics and user-friendliness, especially among open-source enthusiasts. Developed by a Chinese team, it has earned a reputation for being one of the most visually appealing Linux...
