![PHP](https://img.helpnetsecurity.com/wp-content/uploads/2019/10/09092821/php-400x200.jpg)
PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577)
An OS command injection vulnerability in Windows-based PHP (CVE-2024-4577) in CGI mode is being exploited by the TellYouThePass ransomware gang. Imperva says the attacks …
![Patch Tuesday](https://img.helpnetsecurity.com/wp-content/uploads/2024/05/14201548/patch_tuesday_news2-400x200.webp)
Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103)
June 2024 Patch Tuesday is here and Microsoft has delivered fixes for a critical MSMQ flaw (CVE-2024-30080) and an RCE vulnerability in Microsoft Outlook (CVE-2024-30103). 49 …
![JetBrains](https://img.helpnetsecurity.com/wp-content/uploads/2024/06/11135415/jetbrains-1500-400x200.webp)
Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051)
JetBrains has fixed a critical vulnerability (CVE-2024-37051) that could expose users of its integrated development environments (IDEs) to GitHub access token compromise. …
![SolarWinds](https://img.helpnetsecurity.com/wp-content/uploads/2024/06/07184705/solarwinds-1500-400x200.webp)
SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995)
SolarWinds has fixed a high-severity vulnerability (CVE-2024-28995) affecting its Serv-U managed file transfer (MFT) server solution, which could be exploited by …
![Zyxel](https://img.helpnetsecurity.com/wp-content/uploads/2024/06/05194535/zyxel-1500-400x200.webp)
Zyxel patches critical flaws in EOL NAS devices
Zyxel has released patches for three critical vulnerabilities (CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974) affecting two network-attached storage (NAS) devices that …
![Progress](https://img.helpnetsecurity.com/wp-content/uploads/2024/06/04154556/progress-1500-400x200.webp)
PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)
Security researchers have published a proof-of-concept (PoC) exploit that chains together two vulnerabilities (CVE-2024-4358, CVE-2024-1800) to achieve unauthenticated remote …
![Atlassian Confluence](https://img.helpnetsecurity.com/wp-content/uploads/2024/01/16183650/confluence-red-1400-400x200.jpg)
High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683)
If you’re self-hosting an Atlassian Confluence Server or Data Center installation, you should upgrade to the latest available version to fix a high-severity RCE flaw …
![Check Point](https://img.helpnetsecurity.com/wp-content/uploads/2024/05/31132654/check-point-1500-400x200.webp)
Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919)
Attackers have been exploiting CVE-2024-24919, a zero-day vulnerability in Check Point Security Gateways, to pinpoint and extract password hashes for local accounts, which …
![NIST NVD](https://img.helpnetsecurity.com/wp-content/uploads/2024/04/03121316/nist_nvd-1500-400x200.webp)
NIST says NVD will be back on track by September 2024
The National Institute of Standards and Technology (NIST) has awarded a contract for an unnamed company/organization to help them process incoming Common Vulnerabilities and …
![Fortinet](https://img.helpnetsecurity.com/wp-content/uploads/2024/05/29114619/fortinet-1500-400x200.webp)
PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)
Horizon3.ai researchers have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command …
![Google Chrome](https://img.helpnetsecurity.com/wp-content/uploads/2023/06/12104200/chrome-connection1-400x200.jpg)
Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274)
For the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability (CVE-2024-5274) with an in-the-wild exploit. …
![Google Chrome](https://img.helpnetsecurity.com/wp-content/uploads/2023/06/12104204/chrome-connection2-400x200.jpg)
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671)
Google has fixed a Chrome zero-day vulnerability (CVE-2024-4671), an exploit for which exists in the wild. About CVE-2024-4671: CVE-2024-4671 is a use-after-free vulnerability …
Don't miss
- Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327)
- Docker fixes critical auth bypass flaw, again (CVE-2024-41110)
- Learning from CrowdStrike’s quality assurance failures
- BIND 9.20 released: Enhanced DNSSEC support, application infrastructure improvements
- How CISOs enable ITDR approach through the principle of least privilege