URGENT: Upgrade GitLab – Critical Workspace Creation Flaw Allows File Overwrite

January 30, 2024 at 11:36AM GitLab released fixes for a critical security flaw (CVE-2024-0402) in its Community and Enterprise Editions, allowing unauthorized writing of files. Patches have been backported, and additional medium-severity flaws were resolved. Users are urged to upgrade to the latest version promptly. This follows recent fixes to address critical vulnerabilities in the …

Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords

January 29, 2024 at 09:17AM A Microsoft Outlook security flaw, CVE-2023-35636, could expose NTLM v2 hashed passwords through a specially crafted file, recently patched by Microsoft. Attackers could exploit it via email or web, convincing users to open the file or click a link. Varonis researcher Dolev Taler reported the bug, highlighting potential leakage vulnerabilities. …

Patch Your GoAnywhere MFT Immediately – Critical Flaw Lets Anyone Be Admin

January 24, 2024 at 02:00AM A critical security flaw (CVE-2024-0204) in Fortra’s GoAnywhere MFT software allows an unauthorized user to create an admin user. Users unable to upgrade to v7.4.1 should delete the InitialAccountSetup.xhtml file in non-container deployments. For container-deployed instances, the file should be replaced with an empty file and the instance restarted. No evidence of active exploitation. Key …

Ivanti warns critical EPM bug lets hackers hijack enrolled devices

January 4, 2024 at 04:46PM Ivanti resolved a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM), impacting all supported versions. Attackers on internal networks can exploit the flaw without requiring privileges or user interaction. Ivanti has prevented public access to full details on the vulnerability, aiming to provide customers with time …

OpenAI rolls out imperfect fix for ChatGPT data leak flaw

December 21, 2023 at 11:49AM OpenAI has addressed a data exfiltration bug in ChatGPT that could leak conversation details. The latest fix includes client-side checks, but it’s not perfect and attackers may still exploit it under certain conditions. Safety checks are not yet implemented in the iOS app, leaving the risk unaddressed. The issue was …

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

December 11, 2023 at 05:48PM A critical security flaw in the WordPress Backup Migration plugin (CVE-2023-6553) allows unauthenticated attackers to remotely execute PHP code, compromising vulnerable websites. The bug, rated 9.8/10 in severity, was quickly patched after being reported to BackupBliss. However, many websites remain vulnerable, and WordPress admins are urged to take immediate action …

Google Chrome emergency update fixes 5th zero-day exploited in 2023

November 28, 2023 at 04:30PM Google has released an emergency security update to fix the fifth Chrome zero-day vulnerability of the year. The vulnerability, CVE-2023-6345, was being actively exploited in attacks. Google acknowledged the exploit and released patched versions for Windows, Mac, and Linux users. The company is restricting access to bug details until most …

New Intel CPU Vulnerability ‘Reptar’ Can Allow DoS Attacks, Privilege Escalation

November 15, 2023 at 05:09AM A vulnerability affecting certain Intel processors, tracked as Reptar and CVE-2023-23583, has been discovered. It could result in a crash, privilege escalation, and information disclosure. Intel has released microcode updates to address the issue, and users are advised to ensure their BIOS, system OS, and drivers are up to date. …

Urgent: VMware Warns of Unpatched Critical Cloud Director Vulnerability

November 14, 2023 at 11:27PM VMware has issued a warning about a critical security flaw in Cloud Director that could allow unauthorized access. The vulnerability affects instances upgraded to version 10.5 and can be exploited to bypass login restrictions on certain ports. A fix has not yet been released, but a workaround is available. This …

VMware discloses critical VCD Appliance auth bypass with no patch

November 14, 2023 at 04:47PM VMware has disclosed a critical authentication bypass vulnerability affecting Cloud Director appliance deployments. The vulnerability only affects certain versions of the appliance and can be exploited remotely without user interaction. While no patch is available, VMware has provided a temporary workaround that does not disrupt functionality or require downtime. After …