Please turn on your JavaScript for this page to function normally.
Ivanti
PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)

CVE-2024-8190, an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) v4.6, is under active exploitation. Details about the attacks are still unknown, …

Adobe Reader
Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869)

Among the security updates released by Adobe on Tuesday are those for various versions of Adobe Acrobat and Reader, which fix two critical flaws that could lead to arbitrary …

Ivanti
Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847)

Ivanti has fixed a slew of vulnerabilities affecting its Endpoint Manager solution, including a maximum severity one (CVE-2024-29847) that may allow unauthenticated attackers …

China
Chinese APT40 group swifly leverages public PoC exploits

Chinese state-sponsored cyber group APT40 is amazingly fast at adapting public proof-of-concept (PoC) exploits for vulnerabilities in widely used software, an advisory …

Fortra FileCatalyst
PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276)

A critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) has been patched; a PoC exploit is already available online. While there’s …

Progress MOVEit
Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806)

Progress Software has patched one critical (CVE-2024-5805) and one high-risk (CVE-2024-5806) vulnerability in MOVEit, its widely used managed file transfer (MFT) software …

Zyxel
Zyxel patches critical flaws in EOL NAS devices

Zyxel has released patches for three critical vulnerabilities (CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974) affecting two network-attached storage (NAS) devices that …

TotalRecall
TotalRecall shows how easily data collected by Windows Recall can be stolen

Ethical hacker Alexander Hagenah has created TotalRecall, a tool that demonstrates how malicious individuals could abuse Windows’ newly announced Recall feature to steal …

Progress
PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)

Security researchers have published a proof-of-concept (PoC) exploit that chains together two vulnerabilities (CVE-2024-4358, CVE-2024-1800) to achieve unauthenticated remote …

Atlassian Confluence
High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683)

If you’re self-hosting an Atlassian Confluence Server or Data Center installation, you should upgrade to the latest available version to fix a high-severity RCE flaw …

Fortinet
PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)

Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command …

QNAP
15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130)

Researchers have found 15 vulnerabilities in QNAP’s network attached storage (NAS) devices, and have released a proof-of-concept for one: an unauthenticated stack …

Don't miss

Cybersecurity news