New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation

May 14, 2024 at 10:39AM Google has released emergency fixes for a high-severity zero-day flaw in the Chrome web browser (CVE-2024-4761) that is actively exploited in the wild. The vulnerability affects the V8 JavaScript and WebAssembly engine and could allow data corruption, crashes, or execution of arbitrary code. Google urges users to upgrade to Chrome version 124.0.6367.207/.208 …

VMware Patches Vulnerabilities Exploited at Pwn2Own 2024

May 14, 2024 at 09:48AM VMware, owned by Broadcom, has issued a security advisory for Workstation and Fusion announcing patches for vulnerabilities exploited at the Pwn2Own hacking competition. Advisories are now available on Broadcom’s support website. The latest advisory details four vulnerabilities, three reported at Pwn2Own Vancouver 2024 and the fourth by a researcher outside the competition. …

Heartbleed: When Is It Good to Name a Vulnerability?

May 14, 2024 at 08:40AM In 2014, a critical vulnerability in OpenSSL, dubbed Heartbleed (CVE-2014-0160), was discovered, allowing attackers to extract sensitive information from servers. Codenomicon branded the flaw with a logo and website, raising awareness and prompting organizations to patch systems. The practice of naming vulnerabilities has sparked debates about caution versus hype in …

Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code

May 14, 2024 at 08:30AM The Cacti network monitoring framework has addressed a dozen security flaws, including critical vulnerabilities such as arbitrary code execution via file write and command injection. These flaws impact all versions prior to 1.2.26 and have been fixed in version 1.2.27. Users are advised to update to the latest version promptly to mitigate …

Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability

May 10, 2024 at 07:00AM Google released security updates to fix a zero-day flaw (CVE-2024-4671) in Chrome actively exploited in the wild. The vulnerability involves a use-after-free in the Visuals component, reported by an anonymous researcher on May 7, 2024. This is the second zero-day addressed by Google in 2024. Users are advised to upgrade their …

Researchers Uncover ‘LLMjacking’ Scheme Targeting Cloud-Hosted AI Models

May 10, 2024 at 04:03AM Cybersecurity researchers have uncovered a new attack, LLMjacking, targeting cloud-hosted large language model (LLM) services. Attackers use stolen cloud credentials to access LLMs, exploiting vulnerable systems like Laravel Framework and AWS. By querying logging settings, attackers aim to evade detection while racking up substantial costs for victims. Organizations are advised …

Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites

May 8, 2024 at 04:28AM A high-severity vulnerability (CVE-2023-40000, CVSS score: 8.3) in the LiteSpeed Cache plugin for WordPress is being actively exploited by threat actors to create rogue admin accounts. The flaw, which allows for stored cross-site scripting, was disclosed in February 2024 and fixed in version 5.7.0.1. Users are urged to update and …

Citrix Addresses High-Severity Flaw in NetScaler ADC and Gateway

May 6, 2024 at 08:20PM Citrix quietly addressed a vulnerability in its NetScaler ADC and Gateway appliances, similar to “CitrixBleed” but less serious. The flaw allowed attackers to occasionally capture sensitive information, although Citrix didn’t assign a CVE identifier. Bishop Fox reported the issue to Citrix in January, urging affected organizations to update their systems. …

Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution

May 6, 2024 at 10:54AM A critical unpatched security flaw in the Tinyproxy service impacts more than half of the 90,310 exposed hosts, making them vulnerable to remote code execution. The vulnerability, with a CVSS score of 9.8, affects versions 1.10.0 and 1.11.1 and is being actively exploited. Users are urged to update to the …

Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks

May 3, 2024 at 01:21AM HPE Aruba Networking has released critical security updates for ArubaOS to address 10 security flaws, including four rated as severe threats. These vulnerabilities allow remote code execution and affect various software versions, impacting devices managed by Aruba Central. Security researcher Chancen discovered seven of the issues. Users are urged to …