Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt

April 16, 2024 at 06:48AM Privileged access management provider Delinea rushed to patch a critical authentication bypass vulnerability in the Secret Server SOAP API. Despite attempts at responsible disclosure, the company initially ignored researcher Johnny Yu’s findings. Delinea has since released patches for its platforms and assured customers that their data has not been compromised. No …

Dangerous Apache ActiveMQ Exploit Allows Stealthy EDR Bypass

November 16, 2023 at 05:50PM A new proof-of-concept (PoC) exploit for a critical security vulnerability in Apache ActiveMQ allows threat actors to achieve remote code execution (RCE) on vulnerable servers. Despite a patch being available, numerous organizations remain exposed, with the HelloKitty ransomware gang taking advantage. Researchers at VulnCheck have developed a more sophisticated exploit …

One-Click GNOME Exploit Could Pose Serious Threat to Linux Systems

October 10, 2023 at 09:54AM GitHub’s Security Lab warns Linux users about a remote code execution vulnerability in the Libcue library used by GNOME. The flaw, tracked as CVE-2023-43641, can be exploited by getting the user to click on a malicious link, causing the attacker’s code to be executed. The PoC exploit will be released …