Last Friday, April 12, we discussed a new vulnerability in the PAN-OS operating system, used in Palo Alto Networks’ network gateways. At that time, the company acknowledged that the vulnerability, designated CVE-2024-3400, had been...
Six years ago, a vulnerability was discovered in the Lighttpd web server, which is used in server board management controllers. It was promptly rectified; however, products from many major manufacturers, including Intel and Lenovo,...
Researchers at the University of Amsterdam have uncovered a novel attack methodology, Native BHI, that enables hackers to access data stored in the Linux kernel’s memory on computers equipped with Intel processors. This method...
A vulnerability has been discovered within the standard library of the Rust programming language, allowing for the execution of malicious code on Windows systems. CVE-2024-24576, rated with a CVSS score of 10, stems from...
Researchers from Bitdefender have identified four vulnerabilities in several versions of WebOS, the operating system utilized in LG smart TVs. These flaws enable cybercriminals to gain unauthorized access and control over the devices at...
Over 16,500 Ivanti Connect Secure and Policy Secure gateways accessible via the Internet are at risk due to a high-severity vulnerability that enables remote code execution (RCE) and denial of service (DoS) attacks. The...
The Cybersecurity and Infrastructure Security Agency (CISA) along with several leading global organizations have issued a new warning about critical vulnerabilities in the products of IT giant Ivanti. According to experts, these issues, identified...
A new vulnerability in the HTTP/2 protocol could be exploited to execute Denial of Service (DoS) attacks. This discovery, dubbed “HTTP/2 CONTINUATION Flood,” was made by cybersecurity researcher Bartek Nowotarski, who reported the issue...
In the widely utilized WordPress plugin LayerSlider, which is employed on over a million websites to craft responsive sliders, image galleries, and animations, a critical vulnerability was recently identified that enables SQL injection without...
Google has remedied a critical vulnerability in the Chrome browser, identified during the Pwn2Own 2024 competition in Vancouver. The vulnerability, CVE-2024-3159, stems from an out-of-bounds read error in the JavaScript V8 engine, potentially allowing...
Binarly, a company specializing in software security, has developed a complimentary online scanner for identifying Linux files vulnerable to a supply chain attack targeting the XZ Utils utilities, designated as CVE-2024-3094. CVE-2024-3094 constitutes a...
Security researcher Notselwyn has discovered a new vulnerability in Linux that allows for root access acquisition. This flaw affects Linux kernel versions from 5.14 to 6.6.14. The vulnerability, identified as CVE-2024-1086 with a CVSS...
In the popular compression utility xz, widely utilized across most Linux distributions, a hidden backdoor has been discovered. This malicious code, embedded within the utility’s package, poses a critical threat to the supply chain,...
In a recent software update for Continuous Integration and Delivery (CI/CD) TeamCity by JetBrains, 26 security issues were addressed. Yet, the company chose not to disclose any details about the identified vulnerabilities, sparking heated...
A significant vulnerability has been discovered in the Linux operating system, allowing unprivileged attackers the potential to purloin passwords or alter the clipboard contents of their victims. This issue pertains to the wall command...
In a recent report by Google’s cyber experts, it was revealed that the exploitation of zero-day vulnerabilities surged by 50% in 2023, reaching a total of 97 incidents, up from 62 in the previous...
