TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers

June 11, 2024 at 10:28AM TellYouThePass ransomware gang has swiftly exploited the critical CVE-2024-4577 vulnerability in PHP, despite a recent patch. Using publicly available exploit code, they deploy webshells and execute an encryptor payload. By injecting a ransomware variant into memory, they demand 0.1 BTC for decryption. Over 450,000 exposed PHP servers could be vulnerable. … Read more

Maximum severity Flowmon bug has a public exploit, patch now

April 24, 2024 at 04:12PM Proof-of-concept exploit code for a critical security vulnerability in Progress Flowmon, used by over 1,500 companies worldwide, including SEGA and Volkswagen, has been released. The flaw, with severity score of 10/10, allows remote unauthenticated access and arbitrary command execution. Progress Software urged all system admins to update to versions 12.3.4 … Read more

Cisco discloses root escalation flaw with public exploit code

April 17, 2024 at 01:28PM Cisco has issued patches for a high-severity vulnerability in its Integrated Management Controller (IMC), allowing local attackers to escalate privileges to root using crafted CLI commands. The flaw, tracked as CVE-2024-20295, affects various Cisco devices and has a public exploit code available. Cisco has also observed recent zero-day attacks on … Read more

Exploit released for Palo Alto PAN-OS bug used in attacks, patch now

April 16, 2024 at 02:38PM A critical vulnerability, tracked as CVE-2024-3400, has been actively exploited in Palo Alto Networks’ PAN-OS firewall software. Threat actors can execute arbitrary code as root via command injection, impacting PAN-OS 10.2, 11.0, and 11.1. Palo Alto Networks is releasing hotfixes, urging users to disable certain features and providing threat prevention … Read more

Exploit released for Fortinet RCE bug used in attacks, patch now

March 21, 2024 at 11:18AM Security researchers have released a PoC exploit for a critical SQL injection vulnerability in Fortinet’s FortiClient EMS. Tracked as CVE-2023-48788, it impacts versions 7.0 and 7.2, allowing unauthenticated threat actors to gain RCE with SYSTEM privileges. With Horizon3’s PoC, attackers can modify it to use Microsoft SQL Server xp_cmdshell for … Read more

Exploit released for critical Cisco IOS XE flaw, many hosts still hacked

October 30, 2023 at 11:15PM Public exploit code for the critical Cisco IOS XE vulnerability (CVE-2023-20198) is now available, which has been used to hack tens of thousands of devices. Cisco has released patches for most IOS XE software releases, but internet scans show that thousands of systems are still compromised. Researchers have provided details … Read more

VMware warns admins of public exploit for vRealize RCE flaw

October 24, 2023 at 10:56AM VMware has alerted customers to the availability of proof-of-concept exploit code for an authentication bypass flaw in vRealize Log Insight (now VMware Aria Operations for Logs). Tracked as CVE-2023-34051, the vulnerability allows unauthenticated attackers to remotely execute code with root permissions. Researchers have released a technical analysis, a proof-of-concept exploit, … Read more

US Gov Expects Widespread Exploitation of Atlassian Confluence Vulnerability

October 17, 2023 at 07:12AM The US cybersecurity agency CISA, together with the FBI and MS-ISAC, has issued a warning about a zero-day vulnerability in Atlassian Confluence Data Center and Server. Tracked as CVE-2023-22515, the flaw has been exploited by a nation-state threat actor since September 14. It allows unauthorized access, creation of administrative accounts, … Read more