August 28, 2024 at 02:34PM Threat actors are exploiting a critical remote code execution bug in Atlassian to turn cloud environments into cryptomining networks. Trend Micro uncovered attacks that drain network resources using the flaw CVE-2023-22527 in Confluence Data Center and Server. The attackers use various methods and recommended patching the environment to prevent exploitation. … Read more
August 27, 2024 at 11:18AM A critical vulnerability in the WPML multilingual plugin for WordPress, tracked as CVE-2024-6386 with a CVSS score of 9.9, could expose over one million websites to remote code execution (RCE). The issue, involving a server-side template injection (SSTI), was resolved in WPML version 4.6.13, released on August 20. Users are … Read more
July 29, 2024 at 04:55PM A threat actor claims to have acquired email addresses and hashes from over 105 breached ServiceNow databases by exploiting two critical vulnerabilities, CVE-2024-4879 and CVE-2024-5217. The U.S. CISA has added the bugs to its exploited vulnerabilities catalog, and attacks are expected to escalate. ServiceNow has issued hotfixes for the flaws. … Read more
May 14, 2024 at 11:59AM Apple released security updates to address the CVE-2024-27834 zero-day vulnerability in Safari. The flaw was exploited during Pwn2Own Vancouver, earning the discoverer $60,000. The update is available for macOS Monterey and macOS Ventura, with instructions to update Safari separately from the operating system. Pwn2Own Vancouver 2024 resulted in $1,132,500 in … Read more
March 19, 2024 at 05:16PM Electronic Arts is investigating the RCE exploit used by hackers to inject cheats into Apex Legends Global Series games. It appears that Electronic Arts is working to identify and address the RCE exploit that led to hackers injecting cheats into games during the Apex Legends Global Series. Full Article