July 5, 2024 at 08:41AM Infosec experts are discussing a vulnerability in Ghostscript, which may lead to significant breaches. The format string bug, designated as CVE-2024-29510, allows remote code execution (RCE) on systems running Ghostscript. It poses a serious threat to web applications and services utilizing Ghostscript for document conversion and preview functionality. The severity … Read more
July 1, 2024 at 09:39AM A new OpenSSH vulnerability, known as “regreSSHion,” allows unauthenticated remote attackers to gain root privileges on glibc-based Linux systems. If exploited, it could lead to severe consequences such as system takeover and data manipulation. The vulnerability affects OpenSSH servers on Linux from version 8.5p1 up to version 9.8p1 and can … Read more
June 13, 2024 at 03:40PM Researchers developed a proof-of-concept exploit for an SQL injection bug, CVE-2024-29824, in Ivanti Endpoint Manager. The bug allows unauthenticated attackers to execute code remotely, posing a significant threat. Ivanti responded promptly, releasing a patch within six weeks. Organizations are advised to implement the patch and restrict access to the management … Read more
June 12, 2024 at 12:45PM Microsoft addressed a critical remote code execution vulnerability in its June 2024 Patch Tuesday updates. Tracked as CVE-2024-30103, it allows attackers to create malicious DLL files and initiate execution when an affected email is opened in Outlook. This zero-click vulnerability can be exploited for initial access and requires immediate client … Read more
June 6, 2024 at 01:33PM Two remote code execution (RCE) vulnerabilities in ThinkPHP, CVE-2018-20062 and CVE-2019-9082, patched over five years ago, are being exploited in ongoing attacks. Chinese-speaking threat actors use the web shell “Dama” to compromise servers, bypass PHP functions, and escalate privileges. Organizations are urged to urgently patch, as attackers target unpatched systems. … Read more
June 4, 2024 at 08:39AM A critical vulnerability (CVE-2024-4358, CVSS 9.8) in Progress Software’s Telerik Report Server allows remote attackers to bypass authentication, creating an admin user. An exploited deserialization flaw (CVE-2024-1800) enables remote code execution. Progress addressed both vulnerabilities in version 2024 Q1 (10.0.24.305). Users should update promptly to prevent exploitation. Based on the … Read more
May 29, 2024 at 02:10PM A critical vulnerability in Fortinet’s FortiSIEM product, CVE-2024-23108, poses a significant risk for potential exploitation. Dubbed “NodeZero” by researchers at Horizon3AI, the exploit enables unauthorized remote code execution on vulnerable appliances. Users of affected versions should patch immediately to mitigate the risk and prevent compromise. Based on the meeting notes, … Read more
May 28, 2024 at 12:25PM Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet’s FortiSIEM solution, impacting versions 6.4.0 and higher. Tracked as CVE-2024-23108, the flaw enables remote command execution as root without authentication. This PoC exploit could allow attackers to execute unauthorized commands and must be addressed promptly to … Read more
May 20, 2024 at 11:42AM Fluent Bit, a widely used logging utility, has a critical vulnerability allowing DoS attacks, information disclosure, and potential RCE. Tenable found a memory corruption flaw, affecting major cloud and tech companies. While a patch is developed, it’s not released. Users are advised to mitigate risks by restricting API access and … Read more
April 25, 2024 at 12:50PM “Over 1,400 vulnerable CrushFTP servers exposed online are currently targeted by attacks exploiting a critical SSTI vulnerability (CVE-2024-4040), allowing unauthenticated attackers to gain remote code execution. The severity of the flaw was confirmed by Rapid7, with 1,401 unpatched instances discovered. Active exploitation of the zero-day was reported, prompting urgent patching … Read more