Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249)
CVE-2023-45249, a critical vulnerability affecting older versions of Acronis Cyber Infrastructure, is being exploited by attackers. About Acronis Cyber Infrastructure Acronis …
Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327)
Progress Software has fixed a critical vulnerability (CVE-2024-6327) in its Telerik Report Server solution and is urging users to upgrade as soon as possible. About …
Docker fixes critical auth bypass flaw, again (CVE-2024-41110)
A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via specially crafted API request, …
Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991)
A recently fixed vulnerability (CVE-2024-36991) affecting Splunk Enterprise on Windows “is more severe than it initially appeared,” according to SonicWall’s …
Void Banshee APT exploited “lingering Windows relic” in zero-day attacks
The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee to deliver malware to …
Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929)
The maintainers of the Exim mail transfer agent (MTA) have fixed a critical vulnerability (CVE-2024-39929) that currently affects around 1.5 million public-facing servers and …
Zero-day patched by Microsoft has been exploited by attackers for over a year (CVE-2024-38112)
CVE-2024-38112, a spoofing vulnerability in Windows MSHTML Platform for which Microsoft has released a fix on Tuesday, has likely been exploited by attackers in the wild for …
Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112)
For July 2024 Patch Tuesday, Microsoft has released security updates and patches that fix 142 CVEs, including two exploited zero-days (CVE-2024-38080, CVE-2024-38112) in …
PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276)
A critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) has been patched; a PoC exploit is already available online. While there’s …
75% of new vulnerabilities exploited within 19 days
Last year alone, over 30,000 new vulnerabilities were published, with a new vulnerability emerging approximately every 17 minutes — averaging 600 new vulnerabilities per week, …
Intel-powered computers affected by serious firmware flaw (CVE-2024-0762)
A vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI, which runs on various Intel processors, could be exploited locally to escalate privileges and run arbitrary …
Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080)
VMware by Broadcom has fixed two critical vulnerabilities (CVE-2024-37079, CVE-2024-37080) affecting VMware vCenter Server and products that contain it: vSphere and Cloud …
Featured news
Sponsored
Don't miss
- 100+ domains seized to stymie Russian Star Blizzard hackers
- October 2024 Patch Tuesday forecast: Recall can be recalled
- Best practices for implementing threat exposure management, reducing cyber risk exposure
- Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)
- CUPS vulnerabilities could be abused for DDoS attacks