Please turn on your JavaScript for this page to function normally.
Delinea Secret Server
A critical vulnerability in Delinea Secret Server allows auth bypass, admin access

Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass …

Palo Alto Networks
CVE-2024-3400 exploited: Unit 42, Volexity share more details about the attacks

Earlier today, Palo Alto Networks revealed that a critical command injection vulnerability (CVE-2024-3400) in the company’s firewalls has been exploited in limited …

Palo Alto Networks
Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400)

UPDATE (April 12, 2024, 03:10 p.m. ET): New story: CVE-2024-3400 exploited: Unit 42, Volexity share more details about the attacks Attackers are exploiting a command injection …

Patch Tuesday
Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234)

On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked …

LG webOS TV
LG smart TVs may be taken over by remote attackers

Bitdefender researchers have uncovered four vulnerabilities in webOS, the operating system running on LG smart TVs, which may offer attackers unrestricted (root) access to the …

D-Link
92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273)

A vulnerability (CVE-2024-3273) in four old D-Link NAS models could be exploited to compromise internet-facing devices, a threat researcher has found. The existence of the …

Ivanti
Ivanti vows to transform its security operating model, reveals new vulnerabilities

Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure (SSL VPN solution) and Ivanti Policy Secure (NAC solution), some of which could also …

Linux updated
XZ Utils backdoor update: Which Linux distros are affected and what can you do?

UPDATE: April 9, 09:23 AM ET A new story has been published: XZ Utils backdoor: Detection tools, scripts, rules The news that XZ Utils, a compression utility present in most …

Linux alert
Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)

UPDATE: April 9, 09:23 AM ET Two stories have been published since this initial release: Which Linux distros are affected and what can you do? XZ Utils backdoor: Detection …

Microsoft SharePoint
Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code …

Ray
AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)

Attackers are leveraging a vulnerability (CVE-2023-48022) in Anyscale’s Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse …

Microsoft Exchange
17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns

Around 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions “are so outdated that security updates …

Don't miss

Cybersecurity news