Binarly, a company specializing in software security, has developed a complimentary online scanner for identifying Linux files vulnerable to a supply chain attack targeting the XZ Utils utilities, designated as CVE-2024-3094. CVE-2024-3094 constitutes a...
Security researcher Notselwyn has discovered a new vulnerability in Linux that allows for root access acquisition. This flaw affects Linux kernel versions from 5.14 to 6.6.14. The vulnerability, identified as CVE-2024-1086 with a CVSS...
In the popular compression utility xz, widely utilized across most Linux distributions, a hidden backdoor has been discovered. This malicious code, embedded within the utility’s package, poses a critical threat to the supply chain,...
In a recent software update for Continuous Integration and Delivery (CI/CD) TeamCity by JetBrains, 26 security issues were addressed. Yet, the company chose not to disclose any details about the identified vulnerabilities, sparking heated...
A significant vulnerability has been discovered in the Linux operating system, allowing unprivileged attackers the potential to purloin passwords or alter the clipboard contents of their victims. This issue pertains to the wall command...
In a recent report by Google’s cyber experts, it was revealed that the exploitation of zero-day vulnerabilities surged by 50% in 2023, reaching a total of 97 incidents, up from 62 in the previous...
The Cybersecurity and Infrastructure Security Agency (CISA) has expressed concern over the active exploitation of a vulnerability within the Microsoft SharePoint system, which allows malefactors to launch attacks via remote code execution (RCE). The...
Mandiant specialists report that Chinese hackers, identified as UNC5174, are exploiting vulnerabilities in widely-used products to disseminate malicious software capable of installing additional backdoors on compromised Linux hosts. The attacks orchestrated by UNC5174 have...
Security researchers at Horizon3 have disclosed a Proof-of-Concept (PoC) exploit for a critical vulnerability in Fortinet’s FortiClient EMS, which is currently being actively exploited by hackers. The SQL injection vulnerability, CVE-2023-48788 (with a CVSS...
Annually in August, thousands of cybersecurity professionals gather in Las Vegas for an event often dubbed the “hackers’ summer camp.” This period marks the convening of two of the largest information security conferences: Black...
Researchers have uncovered a grave vulnerability within the microarchitecture of Apple’s M-series chips, enabling malefactors to extract secret keys from Mac devices, encompassing both computers and laptops. The crux of the issue lies in...
Ivanti has issued a warning regarding a critical vulnerability in its Standalone Sentry product, which allows attackers to remotely execute arbitrary commands. Designated as CVE-2023-41724, this vulnerability has been rated at 9.6 on the...