The widespread exploitation of a vulnerability in Ivanti Connect Secure and Policy Secure servers, identified as CVE-2024-21893, is raising alarms among cybersecurity professionals. This grave flaw, affecting software versions 9.x and 22.x, enables malefactors...
The company Snyk has identified four vulnerabilities in virtualization systems collectively dubbed Leaky Vessels. These flaws enable malefactors to breach the confines of isolated containers and access data on the host operating system. Containers...
The Tor Project’s development team has released a report detailing the findings of a second audit conducted by Radically Open Security from April to August 2023. This examination scrutinized the code for operating exit...
Ivanti has released a suite of patches for vulnerabilities in its Connect Secure (ICS) and Policy Secure (IPS) gateways. Concurrently, the company has identified two new zero-day vulnerabilities, one of which is being actively...
Recently, a significant local privilege escalation (LPE) vulnerability was identified in the GNU C Library (glibc). Tracked as CVE-2023-6246, this security flaw stems from the “__vsyslog_internal()” function in glibc, responsible for logging messages in...
Numerous publicly available Proof-of-Concept (PoC) exploits for a critical vulnerability in Jenkins, which allow an unauthenticated attacker to read arbitrary files, have emerged, and cyber criminals are already actively leveraging these flaws in their...
A critical zero-click vulnerability, CVE-2023-7028 (rated CVSS 10.0) has been discovered by researchers in over 5,300 instances of GitLab accessible from the internet. Although the issue has been rectified in the latest versions of...
The cybersecurity firm Orca Security has identified a vulnerability in Google Kubernetes Engine (GKE) that enables individuals with a Google account to gain control over Kubernetes clusters. This issue has been codenamed Sys:All. It...
Security researchers hacked a Tesla car modem and received a total reward of $722,500 on the first day of the Pwn2Own Automotive 2024 competition, currently taking place in Tokyo. Today, white-hat hackers discovered no...
The Shadowserver Service is documenting attempts to exploit the critical vulnerability CVE-2023-22527, which enables remote code execution on outdated versions of Atlassian Confluence servers. Atlassian disclosed the issue last week, noting that it affects...
Security mobile application company Oversecured has recently disclosed a vulnerability found in several popular Java and Android application libraries, rendering them susceptible to a new supply chain attack method named MavenGate. Oversecured’s analysis highlights...
Varonis, a cybersecurity firm, has unearthed a new vulnerability in Microsoft products, alongside several attack methodologies that allow malefactors to acquire users’ password hashes. Identified as CVE-2023-35636, this critical vulnerability affects the shared calendar...
The Cybersecurity and Infrastructure Security Agency (CISA) of the United States has urgently issued a directive, urging Federal Civilian Executive Branch (FCEB) agencies to mitigate the effects of two actively exploited zero-day vulnerabilities in...
A cybercriminal group linked to China, known as UNC3886, has clandestinely exploited a critical zero-day vulnerability in the VMware vCenter Server management system since late 2021. This revelation was disclosed in a recent report...
Two menacing new vulnerabilities, CVE-2023-44452, and CVE-2023-51698, have been unmasked within the Linux universe. This critical Remote Code Execution (RCE) flaw, discovered by security researcher Febin Mon Saji, targets unsuspecting users of popular Linux...
A team of researchers from the Polish company STM Cyber uncovered serious vulnerabilities in payment terminals manufactured by the Chinese firm PAX. These vulnerabilities enable cybercriminals to execute arbitrary code on PoS terminals. The...
