CVE-2024-12856: Default Credentials Endanger 15,000+ Four-Faith Routers
A high-severity vulnerability in Four-Faith routers has placed over 15,000 devices at risk, with active exploitation already observed. The flaw, […]
Alert
CVE-2024-45387: Apache Traffic Control SQL Injection Fix Released
The Apache Software Foundation (ASF) has issued crucial security updates to address a severe SQL injection vulnerability in Apache Traffic
Critical Apache Tomcat RCE Flaw CVE-2024-56337
The Apache Software Foundation (ASF) has issued a crucial security update to address a newly identified vulnerability in Apache Tomcat,
WebView2 Exploited: CoinLurker Malware Targets Cryptocurrency Wallets
Attackers are targeting cryptocurrency using fake software update notifications to deploy a sophisticated stealer malware known as CoinLurker. Written in
Symlink Exploit in iOS and macOS Enables TCC Bypass
A vulnerability in Apple’s iOS and macOS has highlighted a serious flaw that allowed attackers to bypass the Transparency, Consent,
Malware Abuse of Windows UI Automation Framework Exposes EDR Blindspots
A new malware technique leverages Windows’ UI Automation (UIA) framework, enabling stealthy malicious operations while bypassing endpoint detection and response
Zero-Day Exploit in Cleo File Transfer Tools Sparks Global Security Alert
Cybersecurity experts are sounding the alarm after discovering widespread exploitation of a critical vulnerability in Cleo-managed file transfer software, affecting
AI Security Alert: Prompt Injection Flaws Exposed in DeepSeek and Claude AI
Recent discoveries have shed light on critical prompt injection vulnerabilities in AI-powered tools like DeepSeek and Anthropic’s Claude AI. If
Windows Zero-Day Exposes NTLM Credentials
A newly discovered Windows zero-day vulnerability has surfaced, enabling attackers to steal NTLM credentials with minimal user interaction. The flaw,
Mitel Patches Severe MiCollab Flaw Allowing Admin Access
A critical vulnerability in Mitel’s MiCollab software, now patched, has been revealed to enable attackers to gain unauthorized access to
BootKitty: The First Linux UEFI Bootkit Exploiting the LogoFAIL Flaw
A new form of UEFI malware, named BootKitty, has been discovered targeting Linux systems by exploiting a serious vulnerability known
Critical Flaws Found in Advantech Industrial Wi-Fi Access Points
Over 20 security vulnerabilities are discovered in Advantech EKI industrial Wi-Fi access points, with several posing critical risks. These flaws
Critical Flaws in WordPress Anti-Spam Plugin Put Over 200,000 Sites at Risk
Two critical vulnerabilities in the widely used WordPress plugin, Spam protection, Anti-Spam, and FireWall by CleanTalk, have been discovered, potentially
Russian RomCom Exploits Zero-Day Flaws in Firefox and Windows
In a sophisticated wave of cyberattacks, a Russia linked threat group RomCom has exploited two zero-day vulnerabilities—one in Mozilla Firefox
Hackers Exploit Avast Anti-Rootkit Driver to System Takeover
In a concerning development, cybercriminals are leveraging an old, vulnerable version of Avast’s Anti-Rootkit driver to disable security defenses and