Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Zyxel
Zyxel patches critical flaws in EOL NAS devices

Zyxel has released patches for three critical vulnerabilities (CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974) affecting two network-attached storage (NAS) devices that …

TotalRecall
TotalRecall shows how easily data collected by Windows Recall can be stolen

Ethical hacker Alexander Hagenah has created TotalRecall, a tool that demonstrates how malicious individuals could abuse Windows’ newly announced Recall feature to steal …

Progress
PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)

Security researchers have published a proof-of-concept (PoC) exploit that chains together two vulnerabilities (CVE-2024-4358, CVE-2024-1800) to achieve unauthenticated remote …

Atlassian Confluence
High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683)

If you’re self-hosting an Atlassian Confluence Server or Data Center installation, you should upgrade to the latest available version to fix a high-severity RCE flaw …

Fortinet
PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)

Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command …

QNAP
15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130)

Researchers have found 15 vulnerabilities in QNAP’s network attached storage (NAS) devices, and have released a proof-of-concept for one: an unauthenticated stack …

Ivanti
PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026)

Technical details about and a proof-of-concept (PoC) exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, has been released by the …

Palo Alto Networks
Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades

There are proof-of-concept techniques allowing attackers to achieve persistence on Palo Alto Networks firewalls after CVE-2024-3400 has been exploited, the company has …

Progress
PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389)

More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability (CVE-2024-2389) in Flowmon, Progress Software’s network …

Palo Alto Networks
Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

UPDATE: April 30, 09:30 AM ET New story: Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades While it initially seemed that …

Delinea Secret Server
A critical vulnerability in Delinea Secret Server allows auth bypass, admin access

Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass …

Fortra FileCatalyst
PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153)

Proof-of-concept (PoC) exploit code for a critical RCE vulnerability (CVE-2024-25153) in Fortra FileCatalyst MFT solution has been published. About CVE-2024-25153 Fortra …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools