Microsoft Copilot Studio Exploit Leaks Sensitive Cloud Data

August 21, 2024 at 11:20AM

Tenable researchers discovered a server-side request forgery (SSRF) vulnerability in Microsoft’s Copilot Studio tool, allowing attackers to access sensitive cloud-based information. This flaw, tracked as CVE-2024-38206, could impact multiple tenants by bypassing SSRF protection. However, Microsoft has fully mitigated the vulnerability, ensuring no action is required from Copilot Studio users. …

CISA in a flap as Chirp smart door locks can be trivially unlocked remotely

April 15, 2024 at 06:43PM

Chirp Systems’ smart locks can be remotely unlocked due to a critical security vulnerability. The issue stems from hard-coded passwords and keys in the Chirp Android app, allowing unauthorized access. Despite being flagged by CISA and given a high severity score, Chirp has not remedied the flaw. RealPage’s acquisition and …

Kinsing Cyberattackers Target Apache ActiveMQ Flaw to Mine Crypto

November 21, 2023 at 11:39AM

Attackers are exploiting a critical remote code execution vulnerability in Apache ActiveMQ to target Linux systems with a cryptocurrency miner. The malware, known as Kinsing, infects vulnerable systems and deploys a cryptocurrency-mining script that drains resources. The flaw, tracked as CVE-2023-46604, allows remote attackers to execute arbitrary commands on affected …