December 22, 2023 at 01:12PM Google has released an urgent update to address a critical vulnerability in Chrome, identified as CVE-2023-7024. This heap buffer overflow flaw in Chrome’s WebRTC module allows remote code execution. While the threat is significant, Chrome’s sandbox and site isolation features provide some protection. The bug also extends to Microsoft Edge, … Read more
December 12, 2023 at 11:53AM A critical unauthenticated RCE bug in the Backup Migration plug-in for WordPress, tracked as CVE-2023-6553, allows threat actors to execute arbitrary PHP code and compromise sites. Wordfence blocked 39 attacks targeting this vulnerability, prompting a patch release by BackupBliss. All versions up to 1.3.7 are vulnerable; users should update to … Read more
November 16, 2023 at 05:50PM A new proof-of-concept (PoC) exploit for a critical security vulnerability in Apache ActiveMQ allows threat actors to achieve remote code execution (RCE) on vulnerable servers. Despite a patch being available, numerous organizations remain exposed, with the HelloKitty ransomware gang taking advantage. Researchers at VulnCheck have developed a more sophisticated exploit … Read more
November 6, 2023 at 04:59PM Veeam has released hotfixes to address four vulnerabilities in its Veeam ONE IT infrastructure monitoring and analytics platform. Two of the vulnerabilities are critical and allow attackers to gain remote code execution and steal NTLM hashes. The remaining two are medium-severity bugs. The company has provided hotfixes for actively supported … Read more
October 31, 2023 at 11:51AM Hackers are actively exploiting a critical vulnerability in F5’s BIG-IP product, just five days after its disclosure. The flaw allows for remote code execution and unauthorized access. F5 has released hotfixes and is urging customers to install them immediately. Attackers are also exploiting another vulnerability in BIG-IP’s configuration utility. F5 … Read more
October 13, 2023 at 11:38AM A single-click exploit has raised concerns about the security of Microsoft’s Visual Studio IDE once again. Developed by security researcher Zhiniang Peng, the exploit takes advantage of the default implementation of the IDE’s “trusted locations” feature. Peng argues that enabling this feature by default would protect users from potential attacks, … Read more
October 11, 2023 at 06:42AM The US Cybersecurity and Infrastructure Security Agency (CISA) has added five security vulnerabilities to its Known Exploited Vulnerabilities catalog. These include an Adobe Acrobat and Reader flaw that can be exploited for remote code execution, an out-of-bounds write flaw in Cisco IOS and IOS XE, two zero-days impacting Skype for … Read more
October 10, 2023 at 07:58PM Microsoft has released over 100 security updates, including fixes for two bugs that are already being actively exploited. One of the vulnerabilities, known as Rapid Reset, is an HTTP/2 weakness that has been used since August to launch distributed denial of service (DDoS) attacks. Microsoft WordPad also has an information … Read more
October 10, 2023 at 12:07PM Researchers have discovered a high-severity remote code execution (RCE) vulnerability in a component of GNOME-based Linux distros. Tracked as CVE-2023-43641, the exploit takes advantage of the libcue library, used to parse cue sheets, and the tracker-miners application. The vulnerability affects all GNOME-based distros and can be triggered by downloading a … Read more