May 6, 2024 at 03:55PM Mastodon has delayed an update to address link preview DDoS issues. The decentralized nature of the network causes link previews to trigger overwhelming fetch requests, impacting host servers. The update, now deferred to version 4.4.0, aims to resolve this. Additionally, the decentralized model poses challenges, as evidenced by a critical … Read more
March 24, 2024 at 02:47PM Up to 300,000 servers/devices on the internet are vulnerable to a recently disclosed Loop Denial-of-Service technique, impacting UDP-based services such as TFTP, DNS, and NTP. The attack, disclosed by researchers in Germany, creates an infinite loop of error messages between servers. The method has not been exploited in the field … Read more
January 22, 2024 at 08:45AM Security researchers detect exploitation attempts for the critical CVE-2023-22527 vulnerability affecting older Atlassian Confluence servers, potentially exposing them to remote code execution. Atlassian provides fixes for affected versions and reports multiple attempts to exploit the flaw, mainly from Russian IP addresses. Server administrators are advised to update to a secure … Read more
November 1, 2023 at 02:11PM Over 3,000 internet-exposed Apache ActiveMQ servers are vulnerable to a critical newly disclosed remote code execution (RCE) vulnerability, known as CVE-2023-46604. Exploiting this flaw allows attackers to execute arbitrary shell commands. The vulnerability affects various versions of ActiveMQ, but patches have been released to address the issue. Researchers have found … Read more