CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
CISA: Juniper Networks Releases Security Bulletin for J-Web in Junos OS SRX Series and EX Series
Juniper Networks Releases Security Bulletin for J-Web in Junos OS SRX Series and EX Series Juniper Networks released a security...
CISA: New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways
New Mitigations to Defend Against Exploitation of Ivanti Connect Secure and Policy Secure Gateways CISA is releasing this alert to...
CISA: CISA Releases Eight Industrial Control Systems Advisories
CISA Releases Eight Industrial Control Systems Advisories CISA released eight Industrial Control Systems (ICS) advisories on January 30, 2024. These...
CISA: CISA and FBI Release Secure by Design Alert Urging Manufacturers to Eliminate Defects in SOHO Routers
CISA and FBI Release Secure by Design Alert Urging Manufacturers to Eliminate Defects in SOHO Routers Today, CISA and the...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
CISA: CISA Adds One Known Exploited Vulnerability to Catalog
CISA Adds One Known Exploited Vulnerability to Catalog CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based...
BlackCat/ALPHV Ransomware Victim: LeClair Group
BlackCat / ALPHV Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...
BlackCat/ALPHV Ransomware Victim: Hydraflow
BlackCat / ALPHV Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...
BlackCat/ALPHV Ransomware Victim: SportsMEDIA Technology
BlackCat / ALPHV Ransomware NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating to the...
RunC Flaws Enable Container Escapes, Granting Attackers Host Access
Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to...
HackerOne Bug Bounty Disclosure: b-cve-ocsp-verification-bypass-with-tls-session-reuse-b-kurohiro
Company Name: b'curl' Company HackerOne URL: https://hackerone.com/curl Submitted By:b'kurohiro'Link to Submitters Profile:https://hackerone.com/b'kurohiro' Report Title:b'CVE-2024-0853: OCSP verification bypass with TLS session...
HackerOne Bug Bounty Disclosure: b-cors-misconfiguration-on-b-k-hacker
Company Name: b'Publitas' Company HackerOne URL: https://hackerone.com/publitas Submitted By:b'2k_hacker'Link to Submitters Profile:https://hackerone.com/b'2k_hacker' Report Title:b'CORS Misconfiguration on 'Report Link:https://hackerone.com/reports/2332728Date Submitted:31 January...
CISA: CISA and FBI Release Secure by Design Alert Urging Manufacturers to Eliminate Defects in SOHO Routers
CISA and FBI Release Secure by Design Alert Urging Manufacturers to Eliminate Defects in SOHO Routers Today, CISA and the...
Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation
Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is...
Hackers Exploiting Ivanti VPN Flaws to Deploy KrustyLoader Malware
A pair of recently disclosed zero-day flaws in Ivanti Connect Secure (ICS) virtual private network (VPN) devices have been exploited...
Telegram Marketplaces Fuel Phishing Attacks with Easy-to-Use Kits and Malware
Cybersecurity researchers are calling attention to the "democratization" of the phishing ecosystem owing to the emergence of Telegram as an...
The SEC Won’t Let CISOs Be: Understanding New SaaS Cybersecurity Rules
The SEC isn't giving SaaS a free pass. Applicable public companies, known as "registrants," are now subject to cyber incident...
Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware
A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target...
Exclusive Addons for Elementor Plugin for WordPress cross-site scripting | CVE-2024-0824
NAME__________Exclusive Addons for Elementor Plugin for WordPress cross-site scriptingPlatforms Affected:WordPress Exclusive Addons for Elementor Plugin for WordPress 2.6.8Risk Level:6.4Exploitability:HighConsequences:Cross-Site Scripting...
Meks Smart Social Widget Plugin for WordPress cross-site scripting | CVE-2024-0664
NAME__________Meks Smart Social Widget Plugin for WordPress cross-site scriptingPlatforms Affected: WordPress Meks Smart Social Widget plugin for WordPress 1.6.3Risk Level:4.4Exploitability:HighConsequences:Cross-Site...
Backuply Plugin for WordPress directory traversal | CVE-2024-0697
NAME__________Backuply Plugin for WordPress directory traversalPlatforms Affected:WordPress Backuply Plugin for WordPress 1.2.3Risk Level:6.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Backuply Plugin for WordPress could allow...
TOTOLINK N200RE buffer overflow | CVE-2024-0999
NAME__________TOTOLINK N200RE buffer overflowPlatforms Affected:TOTOLINK N200RE 9.3.5u.6139_B20201216Risk Level:7.2Exploitability:Proof of ConceptConsequences:Gain Access DESCRIPTION__________TOTOLINK N200RE is vulnerable to a stack-based buffer overflow,...
NODERP information disclosure | CVE-2024-1005
NAME__________NODERP information disclosurePlatforms Affected:Shanxi Diankeyun Technology NODERP 6.0.2 Shanxi Diankeyun Technology NODERP 6.0.1Risk Level:5.3Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________NODERP could allow a remote...
