China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns
China's National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as the...
OSINT
The Rise of Zero-Day Vulnerabilities: Why Traditional Security Solutions Fall Short
In recent years, the number and sophistication of zero-day vulnerabilities have surged, posing a critical threat to organizations of all...
CVE Alert: CVE-2024-45737
Vulnerability Summary: CVE-2024-45737 In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108, and...
CVE Alert: CVE-2024-45735
Vulnerability Summary: CVE-2024-45735 In Splunk Enterprise versions below 9.2.3 and 9.1.6, and Splunk Secure Gateway versions on Splunk Cloud Platform...
CVE Alert: CVE-2024-45736
Vulnerability Summary: CVE-2024-45736 In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204,...
CVE Alert: CVE-2024-45738
Vulnerability Summary: CVE-2024-45738 In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to...
CVE Alert: CVE-2024-45739
Vulnerability Summary: CVE-2024-45739 In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local...
CVE Alert: CVE-2024-47826
Vulnerability Summary: CVE-2024-47826 eLabFTW is an open source electronic lab notebook for research labs. A vulnerability in versions prior to...
CVE Alert: CVE-2024-47767
Vulnerability Summary: CVE-2024-47767 Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap...
CVE Alert: CVE-2024-46980
Vulnerability Summary: CVE-2024-46980 Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap...
CVE Alert: CVE-2024-45740
Vulnerability Summary: CVE-2024-45740 In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403, a low-privileged...
CVE Alert: CVE-2024-45741
Vulnerability Summary: CVE-2024-45741 In Splunk Enterprise versions below 9.2.3 and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.108 and 9.1.2312.205,...
Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates
Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates....
WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites
The maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow...
CVE Alert: CVE-2024-6207
Vulnerability Summary: CVE-2024-6207 CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html and send a specially crafted CIP message to the device. If exploited, a threat...
CVE Alert: CVE-2024-46988
Vulnerability Summary: CVE-2024-46988 Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap...
CVE Alert: CVE-2024-47885
Vulnerability Summary: CVE-2024-47885 The Astro web framework has a DOM Clobbering gadget in the client-side router starting in version 3.0.0...
CVE Alert: CVE-2024-47831
Vulnerability Summary: CVE-2024-47831 Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x...
CVE Alert: CVE-2024-47766
Vulnerability Summary: CVE-2024-47766 Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap...
CVE Alert: CVE-2024-30117
Vulnerability Summary: CVE-2024-30117 A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the...
CVE Alert: CVE-2024-35520
Vulnerability Summary: CVE-2024-35520 Netgear R7000 1.0.11.136 is vulnerable to Command Injection in RMT_invite.cgi via device_name2 parameter. Affected Endpoints: No affected...
CVE Alert: CVE-2024-35518
Vulnerability Summary: CVE-2024-35518 Netgear EX6120 v1.0.0.68 is vulnerable to Command Injection in genie_fix2.cgi via the wan_dns1_pri parameter. Affected Endpoints: No...
CVE Alert: CVE-2024-48909
Vulnerability Summary: CVE-2024-48909 SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version...
CVE Alert: CVE-2024-35519
Vulnerability Summary: CVE-2024-35519 Netgear EX6120 v1.0.0.68, Netgear EX6100 v1.0.2.28, and Netgear EX3700 v1.0.0.96 are vulnerable to command injection in operating_mode.cgi...
