Please turn on your JavaScript for this page to function normally.
database
Tech stack uniformity has become a systemic vulnerability

Crashes due to faulty updates are nothing new; in fact, one reason IT teams often delay updates is their unreliability and tendency to disrupt the organization’s day-to-day …

Android, iPhone
Midnight Blizzard delivered iOS, Chrome exploits via compromised government websites

Suspected Russian hackers have been hitting iPhone and Android users visiting government websites with exploits first leveraged by commercial surveillance vendors, Google TAG …

WPS
APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262)

ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). APT-C-60, a South Korea-aligned cyberespionage group, was …

EvilVideo Telegram
Vulnerability in Telegram app for Android allows sending malicious files disguised as videos

ESET researchers discovered a zero-day exploit, which targets the Telegram app for Android, that appeared for sale for an unspecified price in an underground forum post from …

Fortra FileCatalyst
PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276)

A critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) has been patched; a PoC exploit is already available online. While there’s …

CVE
Edge services are extremely attractive targets to attackers

The cyber threat landscape in 2023 and 2024 has been dominated by mass exploitation, according to WithSecure. Edge service KEV vulnerability trends 64% of all edge service and …

PHP
PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577)

An OS command injection vulnerability in Windows-based PHP (CVE-2024-4577) in CGI mode is being exploited by the TellYouThePass ransomware gang. Imperva says the attacks …

Fortinet
PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)

Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command …

ransomware
Organizations struggle to defend against ransomware

In this Help Net Security video, Jeremy Nichols, Director, Global Threat Intelligence Center at NTT Security Holdings, discusses a recent surge in ransomware incidents. After …

Google Chrome
Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947)

For the third time in the last seven days, Google has fixed a Chrome zero-day vulnerability (CVE-2024-4947) for which an exploit exists in the wild. About CVE-2024-4947 …

Google Chrome
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671)

Google has fixed a Chrome zero-day vulnerability (CVE-2024-4671), an exploit for which exists in the wild. About CVE-2024-4671 CVE-2024-4671 is a use after free vulnerability …

Palo Alto Networks
Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades

There are proof-of-concept techniques allowing attackers to achieve persistence on Palo Alto Networks firewalls after CVE-2024-3400 has been exploited, the company has …

Don't miss

Cybersecurity news