Exploit released for critical WhatsUp Gold RCE flaw, patch now

December 3, 2024 at 02:00PM A proof-of-concept exploit for a critical remote code execution vulnerability in Progress WhatsUp Gold has been released. It is essential to install the latest security updates immediately to mitigate potential risks. **Meeting Takeaways:** 1. **Critical Security Flaw:** A proof-of-concept exploit has been released for a critical-severity remote code execution vulnerability … Read more

Adobe patches Acrobat bug, neglects to mention whole zero-day, exploit thing

September 12, 2024 at 02:38PM Adobe’s patch for a remote code execution bug in Acrobat downplays the severity of a vulnerability, failing to mention it is considered a zero-day with a proof-of-concept exploit. Despite a CVSS base score of 7.8, a warning highlights its critical nature. Adobe has confirmed the need for a secondary fix. … Read more

Adobe fixes Acrobat Reader zero-day with public PoC exploit

September 11, 2024 at 01:44PM A critical “use after free” vulnerability (CVE-2024-41869) in Adobe Acrobat Reader could lead to remote code execution through specially crafted PDF documents. Discovered in June, a security fix was initially ineffective, but a new release has addressed the issue. This discovery stems from cybersecurity researcher Haifei Li’s EXPMON platform, aiming … Read more

QNAP Rushes Patch for Code Execution Flaw in NAS Devices

May 21, 2024 at 12:45PM QNAP Systems issued patches for multiple vulnerabilities, including CVE-2024-27130, described as an unsafe use of the ‘strcpy’ function in the No_Support_ACL function, leading to a stack buffer overflow and potential remote code execution. QNAP advised users to update to QTS 5.1.7 to mitigate the risk and address multiple other vulnerabilities. … Read more

Hackers use Citrix Bleed flaw in attacks on govt networks worldwide

November 1, 2023 at 02:49PM Threat actors are targeting government, technical, and legal organizations globally by exploiting the ‘Citrix Bleed’ vulnerability (CVE-2023-4966) in Citrix NetScaler ADC and Gateway appliances. The attacks have been ongoing since August 2023 and involve credential theft and lateral movement. The attacks are difficult to detect due to limited forensic evidence. … Read more