Please turn on your JavaScript for this page to function normally.
Google Chrome
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671)

Google has fixed a Chrome zero-day vulnerability (CVE-2024-4671), an exploit for which exists in the wild. About CVE-2024-4671 CVE-2024-4671 is a use after free vulnerability …

F5
F5 fixes BIG-IP Next Central Manager flaws with public PoCs (CVE-2024-21793, CVE-2024-26026)

Eclypsium researchers have published details and PoC exploits for two remotely exploitable injection vulnerabilities (CVE-2024-21793, CVE-2024-26026) affecting F5’s BIG-IP …

CVE
CISA starts CVE “vulnrichment” program

The US Cybersecurity and Infrastructure Agency (CISA) has announced the creation of “Vulnrichment,” a new project that aims to fill the CVE enrichment gap created …

TunnelVision
Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)

Researchers have brought to light a new attack method – dubbed TunnelVision and uniquely identified as CVE-2024-3661 – that can be used to intercept and snoop on …

Veeam
Veeam fixes RCE flaw in backup management platform (CVE-2024-29212)

Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is urging customers to implement the patch. About CVE-2024-29212 …

CVE
Why cloud vulnerabilities need CVEs

When considering vulnerability management’s purpose in a modern world, it’s imperative to recognize the huge transition to new technologies and how you manage risk …

printer
Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)

For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulnerability in Windows Print …

CrushFTP
CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)

A vulnerability (CVE-2024-4040) in enterprise file transfer solution CrushFTP is being exploited by attackers in a targeted fashion, according to Crowdstrike. The …

Ivanti
Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)

The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of …

Patch Tuesday
Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234)

On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked …

NIST NVD
NVD: NIST is working on longer-term solutions

The recent conspicuous faltering of the National Vulnerability Database (NVD) is “based on a variety of factors, including an increase in software and, therefore, …

Linux alert
Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)

UPDATE: April 9, 09:23 AM ET Two stories have been published since this initial release: Which Linux distros are affected and what can you do? XZ Utils backdoor: Detection …

Don't miss

Cybersecurity news