Latest Vulnerability news

Apple fixes two new iOS zero-days exploited in attacks on iPhones

Apple released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones.
- Lawrence Abrams
- March 05, 2024
- 04:34 PM
- 0
Anycubic 3D printers hacked worldwide to expose security flaw

According to a wave of online reports from Anycubic customers, someone hacked their 3D printers to warn that the devices are exposed to attacks.
- Sergiu Gatlan
- February 28, 2024
- 06:06 PM
- 0
Lazarus hackers exploited Windows zero-day to gain Kernel privileges

North Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD (Bring Your Own Vulnerable Driver) techniques.
- Bill Toulas
- February 28, 2024
- 12:24 PM
- 1
White House urges devs to switch to memory-safe programming languages

The White House Office of the National Cyber Director (ONCD) urged tech companies today to switch to memory-safe programming languages, such as Rust, to improve software security by reducing the number of memory safety vulnerabilities.
- Sergiu Gatlan
- February 26, 2024
- 04:34 PM
- 13
Joomla fixes XSS flaws that could expose sites to RCE attacks

Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites.
- Bill Toulas
- February 21, 2024
- 05:55 PM
- 0
ScreenConnect critical bug now under attack as exploit code emerges

Both technical details and proof-of-concept exploits are available for the two vulnerabilities ConnectWise disclosed earlier this week for ScreenConnect, its remote desktop and access software.
- Bill Toulas
- February 21, 2024
- 12:18 PM
- 1
VMware urges admins to remove deprecated, vulnerable auth plug-in

VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched.
- Sergiu Gatlan
- February 20, 2024
- 04:00 PM
- 0
Over 28,500 Exchange servers vulnerable to actively exploited bug

Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical severity privilege escalation flaw tracked as CVE-2024-21410 that hackers are actively exploiting.
- Bill Toulas
- February 19, 2024
- 01:46 PM
- 0
Hackers exploit critical RCE flaw in Bricks WordPress site builder

Hackers are actively exploiting a critical remote code execution (RCE) flaw impacting the Brick Builder Theme to run malicious PHP code on vulnerable sites.
- Bill Toulas
- February 19, 2024
- 12:55 PM
- 0
SolarWinds fixes critical RCE bugs in access rights audit solution

SolarWinds has patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities that allow unauthenticated exploitation.
- Sergiu Gatlan
- February 16, 2024
- 01:32 PM
- 0
Over 13,000 Ivanti gateways vulnerable to actively exploited bugs

Thousands of Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to multiple security issues first disclosed more than a month ago and which the vendor gradually patched.
- Bill Toulas
- February 15, 2024
- 10:30 AM
- 0
Zoom patches critical privilege elevation flaw in Windows apps

The Zoom desktop and VDI clients and the Meeting SDK for Windows are vulnerable to an improper input validation flaw that could allow an unauthenticated attacker to conduct privilege escalation on the target system over the network.
- Bill Toulas
- February 14, 2024
- 03:32 PM
- 0
Windows 10 KB5034763 update released with new fixes, changes

Microsoft has released the KB5034763 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes a small number of changes, including the continued rollout of changes to comply with Europe's Digital Markets Act (DMA).
- Lawrence Abrams
- February 13, 2024
- 03:22 PM
- 2
Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws

Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 73 flaws and two actively exploited zero-days.
- Lawrence Abrams
- February 13, 2024
- 02:07 PM
- 4
Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices.
- Bill Toulas
- February 12, 2024
- 11:20 AM
- 0
ExpressVPN bug has been leaking some DNS requests for years

ExpressVPN has removed the split tunneling feature from the latest version of its software after finding that a bug exposed the domains users were visiting to configured DNS servers.
- Bill Toulas
- February 11, 2024
- 10:09 AM
- 0
Raspberry Robin malware evolves with early access to Windows exploits

Recent versions of the Raspberry Robin malware are stealthier and implement one-day exploits that are deployed only on systems that are susceptible to them.
- Bill Toulas
- February 10, 2024
- 10:11 AM
- 2
Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure

Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution.
- Lawrence Abrams
- February 07, 2024
- 07:55 PM
- 0
Critical flaw in Shim bootloader impacts major Linux distros

A critical vulnerability in the Shim Linux bootloader enables attackers to execute code and take control of a target system before the kernel is loaded, bypassing existing security mechanisms.
- Bill Toulas
- February 07, 2024
- 10:55 AM
- 0
JetBrains warns of new TeamCity auth bypass vulnerability

JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges.
- Sergiu Gatlan
- February 06, 2024
- 12:30 PM
- 0