A critical vulnerability has been discovered in the R programming language, potentially exposing organizations using this popular open-source language to software supply chain attacks. The vulnerability, designated CVE-2024-27322, has been rated 8.8 out of...
In February, a high-profile cyberattack on Change Healthcare caused significant disruptions in the operations of US medical facilities. Andrew Witty, CEO of UnitedHealth Group (the parent company of Change Healthcare), revealed that the attack...
An international team of scientists, led by specialists from the University of California, San Diego, has identified a new type of attack targeting the branch prediction component at the microarchitectural level. The findings, which...
Over 1,400 internet-accessible CrushFTP servers are vulnerable to attacks exploiting the critical server vulnerability CVE-2024-4040. This flaw, whose active exploitation was previously reported at the beginning of the week, allows unauthorized attackers to access...
Cybercriminals have begun to exploit a critical vulnerability in the WP Automatic plugin for WordPress, enabling them to create accounts with administrative privileges and install backdoors for long-term access. Installed on over 30,000 sites,...
Security experts have identified a critical vulnerability in the Flowmon network performance monitoring tool from Progress Software, utilized by over 1,500 companies globally, including major organizations such as SEGA, KIA, and Volkswagen. The vulnerability...
Experts at Citizen Lab have identified vulnerabilities in popular keyboard applications that could be exploited to log keystrokes of Chinese users worldwide. These security issues are nearly ubiquitous across apps, including those pre-installed on...
Recently, security researchers identified a new vulnerability known as Dependency Confusion, affecting an archived Apache project titled Cordova App Harness. This vulnerability enables malefactors to manipulate package managers into downloading a fraudulent package from...
JPCERT specialists are raising alarms about a series of critical vulnerabilities in the Forminator plugin for WordPress, developed by WPMU DEV. This plugin, utilized by over 500,000 websites, enables the creation of various forms...
A recent study has unveiled vulnerabilities in the Windows operating system’s process of converting DOS to NT paths, potentially allowing malicious actors to conceal files, mimic directories and processes, and gain capabilities akin to...
Users of the CrushFTP file transfer software are strongly advised to upgrade to the latest version following the discovery of a vulnerability that has been subject to targeted exploitation. CrushFTP has issued a warning...
Palo Alto Networks has disclosed details of a critical vulnerability in the PAN-OS that has been actively exploited. The vulnerability designated CVE-2024-3400 with a CVSS score of 10.0, arises from a combination of two...
Cisco has released updates to address a critical vulnerability in its Integrated Management Controller, which allows local attackers to elevate their privileges to the administrator level. “A vulnerability in the CLI of the Cisco...
Fortinet reports that malicious actors continue to exploit a year-old vulnerability in TP-Link routers, incorporating them into various botnets for conducting DDoS attacks. The command injection vulnerability, CVE-2023-1389 (CVSS score: 8.8), was identified at...
The developers of PuTTY are issuing a warning about a critical vulnerability affecting versions 0.68 to 0.80, which could potentially allow an attacker to completely reconstruct private NIST-P521 keys. The vulnerability, identified as CVE-2024-31497,...
Yubico, the developer of the widely-used YubiKey authentication devices, has alerted Windows users to a significant vulnerability in its software. According to the company’s official statement, this vulnerability could lead to elevated privileges on...
