Check Point has reported that since late April, cybercriminals have been actively exploiting a critical vulnerability in the Check Point VPN remote access system, allowing them to steal Active Directory data for further infiltration...
Recently, Netflix reported that since the launch of its Bug Bounty program in 2016, the streaming giant has paid researchers over one million dollars in rewards for identifying bugs and vulnerabilities in the company’s...
Check Point, a cybersecurity firm, has urged its clients to review their VPN configurations to prevent potential attacks from malicious actors attempting to access corporate networks. In its May 28th notification, the company highlighted...
A new privilege escalation vulnerability has been discovered in macOS 14 Sonoma, designated as CVE-2024-27842. While the severity of this vulnerability has not yet been determined, it affects all versions of macOS 14.x up...
Scientists have unveiled the details of a powerful and efficient new technique called the “pulsing denial-of-service” (PDoS) attack, which leverages DNS queries and responses to achieve an attack amplification factor of 20,000 times. The...
A serious vulnerability has been identified in the TP-Link Archer C5400X gaming router, leading to remote code execution on vulnerable devices through specially crafted requests. The vulnerability, designated CVE-2024-5035, has received the highest possible...
GitLab has released updates for its current product line, addressing a vulnerability that allows unauthenticated attackers to hijack user accounts via XSS attacks. “Today we are releasing versions 17.0.1, 16.11.3, and 16.10.6 for GitLab...
In early 2021, an access control flaw in Apache Flink was rectified, which has now been added to the CISA KEV catalog. This signifies that cybercriminals are actively exploiting the vulnerability to compromise targets....
The Justice AV Solutions (JAVS) program, used for recording court proceedings, was compromised by injecting malware into the installation file, capable of taking control of infected systems. JAVS is widely utilized in courts, law...
On May 21, Ivanti released updates to address numerous critical vulnerabilities in products such as Endpoint Manager, Avalanche, Neurons for ITSM, Connect Secure, and Secure Access. In total, 16 vulnerabilities were patched, which we...
Spyware was discovered on guest registration computers at several Wyndham hotel locations in the United States, capturing and publishing screenshots containing personal customer information. The program, named “pcTattletale,” continuously took screenshots of the hotel’s...
Rockwell Automation strongly urges its clients to disconnect all ICS control systems not intended for internet connectivity to prevent unauthorized or malicious cyberattacks. This measure is crucial due to escalating geopolitical tensions and increased...
In a swift response to a critical security threat, Google has released an emergency update for its Chrome browser, aimed at addressing a zero-day vulnerability actively exploited in the wild. The high-severity flaw, identified...
Veeam is urging all users of Veeam Backup Enterprise Manager to update their software to the latest version due to the discovery of a critical vulnerability that allows attackers to bypass authentication safeguards. Veeam...
GitHub has released patches to address a critical vulnerability in GitHub Enterprise Server (GHES) that could allow attackers to bypass authentication systems. The vulnerability, identified as CVE-2024-4985 with a maximum CVSS rating of 10.0,...
During a security audit of the QTS operating system, used in QNAP’s NAS products, fifteen vulnerabilities of varying severity were identified. Notably, eleven of these vulnerabilities remain unpatched. Among the discovered issues, CVE-2024-27130 stands...
