Dev makes his GitHub repo read-only after “dubious” CVE report

June 30, 2024 at 10:35AM The widely used ‘ip’ open-source project had its GitHub repository made “read-only” after developer Fedor Indutny received a dubious CVE report and experienced increased scrutiny due to a vulnerability in the ‘node-ip’ project, affecting JavaScript developers. This pattern of inflated CVE reports is causing frustration for developers and clouding the … Read more

Fortra Patches Critical SQL Injection in FileCatalyst Workflow

June 28, 2024 at 07:12AM Fortra released patches for a critical SQL injection vulnerability (CVE-2024-5276, CVSS 9.8) in FileCatalyst Workflow version 5.1.6 Build 135 and earlier. The flaw could allow an attacker to create administrative user accounts and modify application data. Tenable identified the issue and published PoC code for exploiting it. Fortra addressed the vulnerability in version 5.1.6 … Read more

Critical GitLab bug lets attackers run pipelines as any user

June 27, 2024 at 10:57AM A critical vulnerability affecting certain versions of GitLab allows running pipelines as any user, with a severity score of 9.6 out of 10. It impacts versions from 15.8 through 16.11.4, 17.0.0 to 17.0.2, and 17.1.0 to 17.1.0, with updates to versions 17.1.1, 17.0.3, and 16.11.5 available. Two breaking changes and … Read more

Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application

June 27, 2024 at 03:36AM A critical security flaw, tracked as CVE-2024-5276, has been disclosed in Fortra FileCatalyst Workflow, allowing attackers to tamper with the application database. The vulnerability, with a CVSS score of 9.8, impacts versions 5.1.6 Build 135 and earlier, but has been addressed in version 5.1.6 build 139. Tenable released a proof-of-concept … Read more

Apple AirPods Bug Allows Eavesdropping

June 26, 2024 at 04:48PM Apple released a firmware update for AirPods to fix a vulnerability that could allow unauthorized access. The CVE-2024-27867 vulnerability affects various Apple headphone models, enabling attackers in Bluetooth range to spoof a paired device and gain access. The update addresses the authentication issue and is delivered automatically to users’ devices. … Read more

New MOVEit Transfer Vulnerability Under Active Exploitation – Patch ASAP!

June 26, 2024 at 11:21AM A critical security flaw CVE-2024-5806 impacting Progress Software MOVEit Transfer enables attackers to bypass SFTP authentication, with exploitation attempts already reported. Researchers emphasize risks and urge immediate action, including patching and restricting server access. The flaw affects numerous systems worldwide, making prompt updates essential. CISA also disclosed a recent cybersecurity … Read more

Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping

June 26, 2024 at 06:57AM Apple has released a firmware update addressing an authentication issue affecting various headphone models that could allow unauthorized access. The vulnerability could enable eavesdropping on private conversations. Additionally, a logic flaw in visionOS has been patched to prevent a denial-of-service attack. This comes after the rollout of updates to address 21 … Read more

Exploitation Attempts Target New MOVEit Transfer Vulnerability

June 26, 2024 at 06:05AM Progress Software announced patches for two critical authentication bypass vulnerabilities affecting its MOVEit Transfer file transfer software. CVE-2024-5805 and CVE-2024-5806 were identified, with the latter already targeted by exploitation attempts. The company released patches for both, with further mitigations for the third-party component vulnerability behind CVE-2024-5806, amid heightened security concerns. After reviewing … Read more

Recent Zyxel NAS Vulnerability Exploited by Botnet

June 25, 2024 at 09:44AM A critical vulnerability in discontinued Zyxel NAS devices, tracked as CVE-2024-29973, allows remote code execution through crafted HTTP POST requests. Exploited by a Mirai-like botnet, the flaw was discovered by security researcher Timothy Hjort. Zyxel released patches for the vulnerability, urging users to update their devices or consider replacing them. … Read more

Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool

June 24, 2024 at 10:24AM Cybersecurity researchers disclosed a security flaw, CVE-2024-37032, affecting the Ollama open-source AI platform, enabling remote code execution. The issue was fixed in version 0.1.34. Exploiting the vulnerability involves manipulating HTTP requests. In default Linux installations, the risk is lowered, but Docker deployments are at high risk. Wiz identified over 1,000 … Read more