Apache HugeGraph Vulnerability Exploited in Wild

July 17, 2024 at 07:06AM An Apache HugeGraph-Server vulnerability tracked as CVE-2024-27348 is being exploited in attacks, as reported by SecurityWeek. The recently patched Apache HugeGraph-Server vulnerability, identified as CVE-2024-27348, is being targeted in attacks. Additionally, there are reports of the vulnerability being exploited in the wild as indicated …

Apple fixes iOS Kernel zero-day vulnerability on older iPhones

October 12, 2023 at 12:46PM Apple has released security updates for older iPhones and iPads to address two zero-day vulnerabilities that were being exploited in attacks. The first vulnerability allows local attackers to elevate privileges on vulnerable devices, while the second vulnerability could allow threat actors to execute arbitrary code. Although Apple has not confirmed …

Apple Releases iOS 16 Update to Patch Exploited Vulnerability 

October 12, 2023 at 10:21AM Apple has released iOS and iPadOS updates to patch a kernel vulnerability (CVE-2023-42824) that has been actively exploited in attacks. The flaw is a local privilege escalation issue, indicating it may have been used as part of an exploit chain. Although Apple has not provided details about the attacks or …

Unpatched Vulnerabilities Expose Yifan Industrial Routers to Attacks

October 12, 2023 at 07:39AM Chinese company Yifan’s industrial routers are vulnerable to critical security flaws, according to Cisco’s Talos. Yifan was given 90 days to release patches, but none have been issued. The flaws can allow attackers to execute arbitrary commands, change admin credentials, and access devices with admin privileges. All vulnerabilities can be …

Researchers Uncover Malware Posing as WordPress Caching Plugin

October 12, 2023 at 06:33AM Researchers have discovered a new type of malware that disguises itself as a WordPress plugin in order to gain control over compromised websites. The malware is capable of creating administrator accounts, remotely controlling the site, altering content, injecting spam links, and redirecting visitors to malicious sites. It is difficult to …