October 8, 2024 at 08:36AM A popular WordPress plug-in, LiteSpeed Cache, containing a cross-site scripting flaw (CVE-2024-47374), has been exploited by attackers, potentially enabling privilege escalation and malicious code installation on affected websites. A simple patch has been issued by Patchstack, allowing administrators to update to the fixed version 6.5.1 immediately to prevent vulnerabilities. After … Read more
October 4, 2024 at 06:00AM A high-severity security flaw in the LiteSpeed Cache plugin for WordPress (CVE-2024-47374) allows for arbitrary JavaScript code execution. The flaw was patched in version 6.5.1 on September 25, 2024, after being responsibly disclosed. This vulnerability could enable privilege escalation and affects all versions up to 6.5.0.2, potentially impacting the over … Read more
October 3, 2024 at 02:33AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824, allows for remote code execution and is actively targeted by threat actors. Federal agencies are … Read more
October 2, 2024 at 09:03AM Cybersecurity researchers have revealed that 5% of Adobe Commerce and Magento stores were hacked using a vulnerability named CosmicSting (CVE-2024-34102), allowing remote code execution. The flaw was patched by Adobe in June 2024 but is being widely exploited. Several companies have been affected, with various groups utilizing the exploit for … Read more
October 2, 2024 at 06:27AM A critical vulnerability in Zimbra was exploited in the wild to deploy a web shell on vulnerable servers shortly after a proof-of-concept release. This raised significant concerns regarding the security of Zimbra systems. Source: SecurityWeek. Based on the meeting notes, the key takeaway is that a critical-severity vulnerability in Zimbra … Read more
October 2, 2024 at 02:31AM A critical security flaw, CVE-2024-45519, has been actively exploited in Synacor’s Zimbra Collaboration. The flaw allows unauthenticated attackers to execute arbitrary commands. The issue was addressed in Zimbra versions 8.8.15 Patch 46, 9.0.0 Patch 41, 10.0.9, and 10.1.1. Users are strongly advised to apply the latest patches for protection. Key … Read more
September 30, 2024 at 08:08AM A critical vulnerability in NVIDIA Container Toolkit affects AI applications using it for GPU resource access in cloud or on-premise environments. It looks like the meeting notes are discussing a critical vulnerability in the NVIDIA Container Toolkit that affects all AI applications using GPU resources in both cloud and on-premise … Read more
September 29, 2024 at 11:13PM Cybersecurity expert Sam Curry discovered a vulnerability in Kia vehicles, allowing unauthorized access and the theft of personal details. Another critical vulnerability in Ivanti Traffic Manager was identified, and a UK citizen faces charges for hacking US companies. Additionally, Monaco-based Namebay experienced a ransomware attack, while a cyber attack on … Read more
September 27, 2024 at 12:42PM Progress Software has addressed six security flaws in WhatsUp Gold, including two critical vulnerabilities, through updates in version 24.0.1. The CVE identifiers for the flaws and their respective CVSS scores have been listed. Security researcher Sina Kheirkhah and others have been credited with discovering and reporting the flaws. Users are … Read more
September 27, 2024 at 02:48AM A security flaw in NVIDIA Container Toolkit (CVE-2024-0132) allows threat actors to escape container confines and access the underlying host. The vulnerability affects NVIDIA Container Toolkit v1.16.1 and earlier, and NVIDIA GPU Operator up to 24.6.1. Addressed in versions v1.16.2 and 24.6.2, the flaw poses potential risks and requires immediate … Read more