JPCERT specialists are raising alarms about a series of critical vulnerabilities in the Forminator plugin for WordPress, developed by WPMU DEV. This plugin, utilized by over 500,000 websites, enables the creation of various forms...
A recent study has unveiled vulnerabilities in the Windows operating system’s process of converting DOS to NT paths, potentially allowing malicious actors to conceal files, mimic directories and processes, and gain capabilities akin to...
Users of the CrushFTP file transfer software are strongly advised to upgrade to the latest version following the discovery of a vulnerability that has been subject to targeted exploitation. CrushFTP has issued a warning...
Palo Alto Networks has disclosed details of a critical vulnerability in the PAN-OS that has been actively exploited. The vulnerability designated CVE-2024-3400 with a CVSS score of 10.0, arises from a combination of two...
Cisco has released updates to address a critical vulnerability in its Integrated Management Controller, which allows local attackers to elevate their privileges to the administrator level. “A vulnerability in the CLI of the Cisco...
Fortinet reports that malicious actors continue to exploit a year-old vulnerability in TP-Link routers, incorporating them into various botnets for conducting DDoS attacks. The command injection vulnerability, CVE-2023-1389 (CVSS score: 8.8), was identified at...
The developers of PuTTY are issuing a warning about a critical vulnerability affecting versions 0.68 to 0.80, which could potentially allow an attacker to completely reconstruct private NIST-P521 keys. The vulnerability, identified as CVE-2024-31497,...
Yubico, the developer of the widely-used YubiKey authentication devices, has alerted Windows users to a significant vulnerability in its software. According to the company’s official statement, this vulnerability could lead to elevated privileges on...
Approximately six years ago, vulnerabilities were discovered that affected the majority of Intel and AMD processors. Known as Spectre and Meltdown, these flaws could be exploited to steal sensitive data from compromised systems. In...
Last Friday, April 12, we discussed a new vulnerability in the PAN-OS operating system, used in Palo Alto Networks’ network gateways. At that time, the company acknowledged that the vulnerability, designated CVE-2024-3400, had been...
Six years ago, a vulnerability was discovered in the Lighttpd web server, which is used in server board management controllers. It was promptly rectified; however, products from many major manufacturers, including Intel and Lenovo,...
Researchers at the University of Amsterdam have uncovered a novel attack methodology, Native BHI, that enables hackers to access data stored in the Linux kernel’s memory on computers equipped with Intel processors. This method...
