Latest Vulnerability news

Google says spyware vendors behind most zero-days it discovers

Commercial spyware vendors (CSV) were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group (TAG) discovered in 2023 and used to spy on devices worldwide.
- Bill Toulas
- February 06, 2024
- 12:27 PM
- 4
Newest Ivanti SSRF zero-day now under mass exploitation

An Ivanti Connect Secure and Ivanti Policy Secure server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893 is currently under mass exploitation by multiple attackers.
- Bill Toulas
- February 05, 2024
- 10:55 AM
- 1
Leaky Vessels flaws allow hackers to escape Docker, runc containers

Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system.
- Bill Toulas
- February 04, 2024
- 10:17 AM
- 0
Mastodon vulnerability allows attackers to take over accounts

Mastodon, the free and open-source decentralized social networking platform, has fixed a critical vulnerability that allows attackers to impersonate and take over any remote account.
- Bill Toulas
- February 03, 2024
- 10:09 AM
- 0
45k Jenkins servers exposed to RCE attacks using public exploits

Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2024-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation.
- Bill Toulas
- January 29, 2024
- 05:06 PM
- 0
Cisco warns of critical RCE flaw in communications software

Cisco is warning that several of its Unified Communications Manager (CM) and Contact Center Solutions products are vulnerable to a critical severity remote code execution security issue.
- Bill Toulas
- January 25, 2024
- 09:41 AM
- 0
Hackers target WordPress database plugin active on 1 million sites

Malicious activity targeting a critical severity flaw in the 'Better Search Replace' WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours.
- Bill Toulas
- January 25, 2024
- 09:15 AM
- 2
Over 5,300 GitLab servers exposed to zero-click account takeover attacks

Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.
- Bill Toulas
- January 24, 2024
- 12:55 PM
- 3
Fortra warns of new critical GoAnywhere MFT auth bypass, patch now

Fortra is warning of a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) versions before 7.4.1 that allows an attacker to create a new admin user.
- Bill Toulas
- January 23, 2024
- 10:41 AM
- 0
Hackers start exploiting critical Atlassian Confluence RCE flaw

Security researchers are observing exploitation attempts for the CVE-2023-22527 remote code execution flaw vulnerability that affects outdated versions of Atlassian Confluence servers.
- Bill Toulas
- January 22, 2024
- 08:41 AM
- 0
AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks

A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space.
- Bill Toulas
- January 17, 2024
- 10:32 AM
- 1
GitHub rotates keys to mitigate impact of credential-exposing flaw

GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment variables.
- Sergiu Gatlan
- January 16, 2024
- 05:19 PM
- 0
PixieFail flaws impact PXE network boot in enterprise systems

A set of nine vulnerabilities, collectively called 'PixieFail,' impact the IPv6 network protocol stack of Tianocore's EDK II, the open-source reference implementation of the UEFI specification widely used in enterprise computers and servers.
- Bill Toulas
- January 16, 2024
- 12:19 PM
- 0
Atlassian warns of critical RCE flaw in older Confluence versions

Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution (RCE) vulnerability that impacts versions released before December 5, 2023, including out-of-support releases.
- Bill Toulas
- January 16, 2024
- 10:17 AM
- 0
GrapheneOS: Frequent Android auto-reboots block firmware exploits

GrapheneOS, a privacy and security-focused Android-based operating system, has posted a series of tweets on X suggesting that Android should introduce frequent auto-reboots to make it harder for forensic software vendors to exploit firmware flaws and spy on the users.
- Bill Toulas
- January 14, 2024
- 10:32 AM
- 3
GitLab warns of critical zero-click account hijacking vulnerability

GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction.
- Bill Toulas
- January 12, 2024
- 12:54 PM
- 0
Ivanti Connect Secure zero-days exploited to deploy custom malware

Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes.
- Bill Toulas
- January 12, 2024
- 10:30 AM
- 0
Over 150k WordPress sites at takeover risk via vulnerable plugin

Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site authentication.
- Bill Toulas
- January 11, 2024
- 04:54 PM
- 1
CISA warns agencies of fourth flaw used in Triangulation spyware attacks

The U.S. Cybersecurity and Infrastructure Security Agency has added to its to the Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Adobe, Apache, D-Link, and Joomla.
- Bill Toulas
- January 09, 2024
- 02:32 PM
- 0
Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs

Today is Microsoft's January 2024 Patch Tuesday, which includes security updates for a total of 49 flaws and 12 remote code execution vulnerabilities.
- Lawrence Abrams
- January 09, 2024
- 02:05 PM
- 5