In June this year, cybersecurity firm Kaspersky released a public report stating that iPhones used by some of its employees were compromised. The attackers employed multiple sophisticated zero-click vulnerabilities, infecting iPhones and achieving persistent...
Apache OFBiz offers a comprehensive suite of tools for ERP, CRM, E-Commerce, and more. Hailed for its open-source nature and part of the esteemed Apache Software Foundation, OFBiz has been a top choice for...
A new zero-day vulnerability in Barracuda Networks’ Email Security Gateway (ESG) has been disclosed. The vulnerability, identified as CVE-2023-7102, stems from the open-source third-party library, Spreadsheet::ParseExcel, used in ESG’s malware protection features. This issue...
In the complex domain of cybersecurity, the emergence of RetSpill marks a significant shift in the landscape of Linux kernel exploitation. This ingenious technique exploits the kernel’s design to escalate privileges, bypassing multiple layers...
In the ever-evolving landscape of cybersecurity, a new attack technique named “SMTP Smuggling” has emerged, posing a significant threat to the integrity of email communications. Discovered by Timo Longin, in collaboration with SEC Consult,...
In the realm of Linux and UNIX operating systems, the “sudo” command is a cornerstone of system administration, allowing users to execute commands with superuser privileges. However, the discovery of CVE-2023-7090 has cast a...
Deepin Linux has long been celebrated for its aesthetics and user-friendliness, especially among open-source enthusiasts. Developed by a Chinese team, it has earned a reputation for being one of the most visually appealing Linux...
Details have emerged about a now-patched security vulnerability in OpenSSH that could be potentially exploited to run arbitrary commands remotely on compromised hosts under specific conditions. The vulnerability is tracked under the CVE identifier...
Apache Airflow, the backbone of countless workflow pipelines, has encountered unwelcome turbulence. Four security vulnerabilities, collectively known as CVE-2023-47265, CVE-2023-49920, CVE-2023-50783, and CVE-2023-48291, have landed in the Airflow ecosystem, putting your workflows and data...
As an HTML5 web application, Apache Guacamole deftly bridges the gap between users and remote desktop environments, employing protocols like VNC or RDP. Beyond its immediate functionality, Guacamole underpins a broader project, offering an...
A new threat has emerged, targeting the very core of Linux systems around the globe. This peril, identified as CVE-2023-6817, lurks within the NetFilter subsystem of the Linux kernel, a critical component that governs...
In the ever-evolving landscape of cybersecurity, a new threat has emerged, known as the Terrapin attack. This sophisticated cyber assault targets the SSH (Secure Shell) protocol, a widely used standard for secure network services...
In the ever-evolving landscape of cyber security, the discovery of vulnerabilities within widely-used software systems is not uncommon. The latest to join this list is Apache Doris, an MPP (Massively Parallel Processing) architecture-based analytical...
A critical security flaw has been discovered in 3CX’s VoIP software, prompting the company to urge customers to disable their CRM integrations immediately. While details remain under wraps, the potential for a data breach...
A team of vigilant researchers at Microsoft uncovered a critical Remote Code Execution (RCE) vulnerability in Perforce Helix Core Server, a widely used source code management platform in industries including video games, government, military,...
In the intricate world of web and RPC frameworks, Apache Dubbo stands out as a beacon for enterprise-level microservices, renowned for its simplicity, high performance, and a suite of features that ensure seamless service...
