Four critical vulnerabilities have been identified in VMware Workstation and Fusion products, potentially allowing attackers to access confidential information, conduct DoS attacks, and execute arbitrary code. These issues affect Workstation 17.x and Fusion 13.x...
Experts from SSD Secure Disclosure have discovered vulnerabilities in the D-Link EXO AX4800 (DIR-X4860) router, which allow an attacker to gain complete control over the device. The flaws were found in DIR-X4860 routers with...
Google has urgently released patches for a newly discovered zero-day flaw in Chrome, following reports of active exploitation by unknown attackers. The vulnerability, catalogued as CVE-2024-4947, affects the V8 JavaScript engine integral to Google’s...
The developers of Cacti, an open-source system for network monitoring and management, have addressed 12 vulnerabilities, including two critical ones leading to arbitrary code execution. Here are the most severe vulnerabilities that have been...
Google has issued an urgent security update for its Chrome browser to address a high-severity “out of bounds write” vulnerability in its V8 JavaScript engine, tracked as CVE-2024-4761. This vulnerability has been confirmed as...
Citrix has issued a warning to its clients regarding the need for manual mitigation of a vulnerability in the SSH client PuTTY, which could allow malicious actors to steal the SSH private key of...
Recent vulnerabilities in Ivanti Connect Secure devices have enabled attackers to deploy the Mirai botnet, according to security researchers from Juniper. These vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, are currently being actively exploited. The...
F5 has announced the rectification of two critical vulnerabilities in the BIG-IP Next Central Manager system, which could have been exploited to gain administrative access and create covert unauthorized accounts on managed devices. The...
In a swift response to a severe security threat, Google has rolled out emergency updates for Chrome after discovering a zero-day vulnerability that was being actively exploited. This security breach, known as CVE-2024-4671, concerns...
Kaspersky Lab has presented a review of changes in the cyber threat landscape for the first quarter of 2024, noting an increase in software vulnerabilities that underscores the importance of timely responses to new...
Researchers from Leviathan Security have identified a severe security threat that impacts nearly all virtual private network (VPN) applications. Dubbed “TunnelVision,” and assigned the identifier CVE-2024-3661 (CVSS score of 7.6 out of 10), this...
Censys has disclosed details of a new cyber espionage campaign, ArcaneDoor, which is believed to be linked to China. The attacks reportedly began in July 2023, with the first incident detected in January 2024....
Over 50% of the 90,310 servers utilizing the Tinyproxy proxy tool are vulnerable due to a critical flaw, designated CVE-2023-49606, which has been rated 9.8 out of a possible 10 on the CVSS scale....
Recently, Aruba Networks, a subsidiary of Hewlett Packard Enterprise (HPE), disclosed information about ten vulnerabilities in its ArubaOS operating system, four of which are classified as critical. These vulnerabilities could potentially allow arbitrary code...
The cybersecurity firm Oversecured has uncovered vulnerabilities in Android applications from Xiaomi, affecting users globally. The investigation revealed 20 vulnerabilities associated with unauthorized access to system data, file theft, and leakage of phone and...
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have urged software developers to more proactively identify and remedy path traversal vulnerabilities before releasing products to the market. Such...
