July 14, 2024 at 11:37AM Cloudflare’s 2024 Application Security report highlights the rapid weaponization of proof-of-concept exploits, with attackers acting as quickly as 22 minutes after publication. The report identifies the most targeted CVEs, emphasizing the need for AI assistance to develop effective detection rules. Additionally, the report reveals a significant increase in DDoS traffic, … Read more
July 3, 2024 at 06:24AM Qualys discovered a critical OpenSSH vulnerability, CVE-2024-6387, known as regreSSHion, that allows unauthenticated attackers to execute remote code. More than 14 million OpenSSH instances are potentially vulnerable. Exploitation is challenging and not yet confirmed in the wild. While attempts have been made, Palo Alto Networks was unable to achieve remote … Read more
January 28, 2024 at 12:17PM Multiple proof-of-concept (PoC) exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to access arbitrary files have been made public. SonarSource discovered two flaws, one granting unauthorized file reading and the other enabling arbitrary command execution. Jenkins released fixes with advisory and PoCs have been created, with reported active attacks. … Read more