Watering Hole Attack on Kurdish Sites Distributing Malicious APKs and Spyware
As many as 25 websites linked to the Kurdish minority have been compromised as part of a watering hole attack...
OSINT
EPSS vs. CVSS: What’s the Best Approach to Vulnerability Prioritization?
Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these...
CVE Alert: CVE-2024-20434
Vulnerability Summary: CVE-2024-20434 A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial...
CVE Alert: CVE-2024-20455
Vulnerability Summary: CVE-2024-20455 A vulnerability in the process that classifies traffic that is going to the Unified Threat Defense (UTD)...
CVE Alert: CVE-2024-20480
Vulnerability Summary: CVE-2024-20480 A vulnerability in the DHCP Snooping feature of Cisco IOS XE Software on Software-Defined Access (SD-Access) fabric...
CVE Alert: CVE-2024-20436
Vulnerability Summary: CVE-2024-20436 A vulnerability in the HTTP Server feature of Cisco IOS XE Software when the Telephony Service feature...
CVE Alert: CVE-2024-20437
Vulnerability Summary: CVE-2024-20437 A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote...
CVE Alert: CVE-2024-20465
Vulnerability Summary: CVE-2024-20465 A vulnerability in the access control list (ACL) programming of Cisco IOS Software running on Cisco Industrial...
CVE Alert: CVE-2024-20467
Vulnerability Summary: CVE-2024-20467 A vulnerability in the implementation of the IPv4 fragmentation reassembly code in Cisco IOS XE Software could...
CVE Alert: CVE-2024-20510
Vulnerability Summary: CVE-2024-20510 A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers...
CVE Alert: CVE-2024-20464
Vulnerability Summary: CVE-2024-20464 A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XE Software could allow an...
CVE Alert: CVE-2024-20475
Vulnerability Summary: CVE-2024-20475 A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could...
Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities
An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting,...
Chinese Hackers Infiltrate U.S. Internet Providers in Cyber Espionage Campaign
Nation-state threat actors backed by Beijing broke into a "handful" of U.S. internet service providers (ISPs) as part of a...
CVE Alert: CVE-2024-20508
Vulnerability Summary: CVE-2024-20508 A vulnerability in Cisco Unified Threat Defense (UTD) Snort Intrusion Prevention System (IPS) Engine for Cisco IOS...
CVE Alert: CVE-2024-8975
Vulnerability Summary: CVE-2024-8975 Unquoted Search Path or Element vulnerability in Grafana Alloy on Windows allows Privilege Escalation from Local User...
CVE Alert: CVE-2024-47315
Vulnerability Summary: CVE-2024-47315 Cross-Site Request Forgery (CSRF) vulnerability in GiveWP.This issue affects GiveWP: from n/a through 3.15.1. Affected Endpoints: No...
CVE Alert: CVE-2024-20496
Vulnerability Summary: CVE-2024-20496 A vulnerability in the UDP packet validation code of Cisco SD-WAN vEdge Software could allow an unauthenticated,...
CVE Alert: CVE-2024-8996
Vulnerability Summary: CVE-2024-8996 Unquoted Search Path or Element vulnerability in Grafana Agent (Flow mode) on Windows allows Privilege Escalation from...
CVE Alert: CVE-2024-46655
Vulnerability Summary: CVE-2024-46655 A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the...
CVE Alert: CVE-2023-51157
Vulnerability Summary: CVE-2023-51157 Cross Site Scripting vulnerability in ZKTeco WDMS v.5.1.3 Pro allows a remote attacker to execute arbitrary code...
CVE Alert: CVE-2024-46488
Vulnerability Summary: CVE-2024-46488 sqlite-vec v0.1.1 was discovered to contain a heap buffer overflow via the npy_token_next function. This vulnerability allows...
CVE Alert: CVE-2024-47082
Vulnerability Summary: CVE-2024-47082 Strawberry GraphQL is a library for creating GraphQL APIs. Prior to version 0.243.0, multipart file upload support...
CVE Alert: CVE-2024-47305
Vulnerability Summary: CVE-2024-47305 Cross-Site Request Forgery (CSRF) vulnerability in Dnesscarkey Use Any Font allows Cross Site Request Forgery.This issue affects...
