CISA Warns of Active Exploitation of Five-Year-Old jQuery Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a medium-severity cross-site scripting (XSS) vulnerability, CVE-2020-11023, to its […]
Alert
PANdora’s Box: Palo Alto Firewall Secure Boot Bypass and Firmware Exploits
An in-depth evaluation of three firewall models from Palo Alto Networks has exposed significant vulnerabilities, ranging from Secure Boot bypass
Zero-Click Exploit in Google Messages Affecting Galaxy S23 and S24 Models
A security flaw affecting Samsung smartphones has been uncovered, posing a significant risk to user safety. Cybersecurity researchers have detailed
CISA Warns of Active Exploitation in Mitel and Oracle Systems
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about three critical vulnerabilities impacting Mitel MiCollab and
LDAPNightmare Exploit Targets Windows Servers with DoS and RCE
A proof-of-concept (PoC) exploit, codenamed LDAPNightmare, has been unveiled for a now-patched security vulnerability in Windows’ Lightweight Directory Access Protocol
Dynamics 365 and Power Apps API Flaws: Microsoft Users at Risk
Recent revelations about three significant security vulnerabilities in Microsoft Dynamics 365 and Power Apps Web API underscore the ever-present need
DoubleClickjacking: New Exploit Bypasses Major Website Protections
A new vulnerability, named DoubleClickjacking, is threatening the security landscape by circumventing traditional clickjacking protections on major websites. Discovered by
16 Chrome Extensions Compromised: Over 600,000 Users at Risk
A newly uncovered attack campaign has compromised at least 16 Chrome browser extensions, exposing over 600,000 users to data breaches
CVE-2024-12856: Default Credentials Endanger 15,000+ Four-Faith Routers
A high-severity vulnerability in Four-Faith routers has placed over 15,000 devices at risk, with active exploitation already observed. The flaw,
CVE-2024-45387: Apache Traffic Control SQL Injection Fix Released
The Apache Software Foundation (ASF) has issued crucial security updates to address a severe SQL injection vulnerability in Apache Traffic
Critical Apache Tomcat RCE Flaw CVE-2024-56337
The Apache Software Foundation (ASF) has issued a crucial security update to address a newly identified vulnerability in Apache Tomcat,
WebView2 Exploited: CoinLurker Malware Targets Cryptocurrency Wallets
Attackers are targeting cryptocurrency using fake software update notifications to deploy a sophisticated stealer malware known as CoinLurker. Written in
Symlink Exploit in iOS and macOS Enables TCC Bypass
A vulnerability in Apple’s iOS and macOS has highlighted a serious flaw that allowed attackers to bypass the Transparency, Consent,
Malware Abuse of Windows UI Automation Framework Exposes EDR Blindspots
A new malware technique leverages Windows’ UI Automation (UIA) framework, enabling stealthy malicious operations while bypassing endpoint detection and response
Zero-Day Exploit in Cleo File Transfer Tools Sparks Global Security Alert
Cybersecurity experts are sounding the alarm after discovering widespread exploitation of a critical vulnerability in Cleo-managed file transfer software, affecting