Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Apache OFBiz
Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)

For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to …

Fortra FileCatalyst
Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)

Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting …

SolarWinds
Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)

A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw …

GitHub
Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)

A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the …

visualization
To improve your cybersecurity posture, focus on the data

Effectively converging, managing and using enterprise data is a huge undertaking. Enterprises have vast hoards of data, but those hoards exist within siloed systems and …

SolarWinds
Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)

SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host machine. “While …

Evolution Mining
Australian gold mining company hit with ransomware

Australian gold mining firm Evolution Mining has announced on Monday that it became aware on 8 August 2024 of a ransomware attack impacting its IT systems, and has been …

malware
Ransomware gang targets IT workers with new RAT masquerading as IP scanner

Ransomware-as-a-service outfit Hunters International is wielding a new remote access trojan (RAT). “The malware, named SharpRhino due to its use of the C# programming …

Apache OFBiz
Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856)

CVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthenticated attackers to execute …

VMware
VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085)

Ransomware operators have been leveraging CVE-2024-37085, an authentication bypass vulnerability affecting Active Directory domain-joined VMware ESXi hypervisors, to gain full …

Progress
Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327)

Progress Software has fixed a critical vulnerability (CVE-2024-6327) in its Telerik Report Server solution and is urging users to upgrade as soon as possible. About …

Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991)

A recently fixed vulnerability (CVE-2024-36991) affecting Splunk Enterprise on Windows “is more severe than it initially appeared,” according to SonicWall’s …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools