Category: Vulnerability

CVE-2024-4040

1,400+ CrushFTP Servers at Risk: Update Now!

Over 1,400 internet-accessible CrushFTP servers are vulnerable to attacks exploiting the critical server vulnerability CVE-2024-4040. This flaw, whose active exploitation was previously reported at the beginning of the week, allows unauthorized attackers to access...

CVE-2024-2389

Critical Alert: Flowmon Exploit Puts 1,500+ Firms at Risk

Security experts have identified a critical vulnerability in the Flowmon network performance monitoring tool from Progress Software, utilized by over 1,500 companies globally, including major organizations such as SEGA, KIA, and Volkswagen. The vulnerability...

keyboard vulnerabilities

Millions at Risk: Popular Keyboard Apps Leak Keystrokes

Experts at Citizen Lab have identified vulnerabilities in popular keyboard applications that could be exploited to log keystrokes of Chinese users worldwide. These security issues are nearly ubiquitous across apps, including those pre-installed on...

Dependency Confusion Vulnerability

Dependency Confusion Flaw Found in Old Apache Code

Recently, security researchers identified a new vulnerability known as Dependency Confusion, affecting an archived Apache project titled Cordova App Harness. This vulnerability enables malefactors to manipulate package managers into downloading a fraudulent package from...

WordPress 5.0

Critical Flaws Found in Popular WordPress Plugin

JPCERT specialists are raising alarms about a series of critical vulnerabilities in the Forminator plugin for WordPress, developed by WPMU DEV. This plugin, utilized by over 500,000 websites, enables the creation of various forms...

CrushFTP zero-day vulnerability

CrushFTP Zero-Day Patched: Update Now (v11.1.0)

Users of the CrushFTP file transfer software are strongly advised to upgrade to the latest version following the discovery of a vulnerability that has been subject to targeted exploitation. CrushFTP has issued a warning...

Condi botnet

Critical TP-Link Flaw Under Attack: Update Now

Fortinet reports that malicious actors continue to exploit a year-old vulnerability in TP-Link routers, incorporating them into various botnets for conducting DDoS attacks. The command injection vulnerability, CVE-2023-1389 (CVSS score: 8.8), was identified at...

CVE-2024-31497

CVE-2024-31497: PuTTY Exploit Endangers Data

The developers of PuTTY are issuing a warning about a critical vulnerability affecting versions 0.68 to 0.80, which could potentially allow an attacker to completely reconstruct private NIST-P521 keys. The vulnerability, identified as CVE-2024-31497,...

CVE-2024-31498

Security Alert: YubiKey Users Must Update Software

Yubico, the developer of the widely-used YubiKey authentication devices, has alerted Windows users to a significant vulnerability in its software. According to the company’s official statement, this vulnerability could lead to elevated privileges on...