January 16, 2024 at 09:12AM Quarkslab discovered multiple critical vulnerabilities in the EDK II network stack, posing a risk of remote code execution attacks. These vulnerabilities, known as PixieFAIL, affect the PXE implementation and are utilized by various vendors, including Microsoft. Quarkslab released proof-of-concept code for the vulnerabilities and anticipates the CERT Coordination Center to … Read more
October 11, 2023 at 03:40PM China-sponsored APT Storm-0062 is responsible for exploiting a critical bug in Atlassian Confluence Server, according to Microsoft. Proof-of-concept exploits are now available, indicating potential mass exploitation. The vulnerability (CVE-2023-22515) allows remote code execution without authentication. Microsoft identified four IP addresses associated with the exploit and warned of the creation of … Read more
October 10, 2023 at 09:54AM GitHub’s Security Lab warns Linux users about a remote code execution vulnerability in the Libcue library used by GNOME. The flaw, tracked as CVE-2023-43641, can be exploited by getting the user to click on a malicious link, causing the attacker’s code to be executed. The PoC exploit will be released … Read more