A high-severity vulnerability has been discovered in Kubernetes, potentially allowing attackers to execute arbitrary commands outside of container boundaries. Tracked as CVE-2024-10220 and assigned a CVSS score of 8.1, the...
The U.S. Department of Justice announced charges against five individuals accused of orchestrating a sophisticated phishing scheme that targeted employees across the nation. The defendants allegedly stole “intellectual property and...
Versa Networks has issued a security advisory addressing a critical vulnerability (CVE-2024-42450) affecting its Versa Director software. The vulnerability, which carries a CVSS score of 10, could allow unauthenticated attackers...
In a detailed report by Trend Micro, the emergence of a new LODEINFO malware campaign has been linked to Earth Kasha, a threat group operating within what the researchers term...
The Common Weakness Enumeration (CWE) Top 25 list for 2024 has been released, and it provides a critical roadmap for addressing the most pervasive and hazardous vulnerabilities that plague modern...
Security researcher Snoolie K has published an in-depth analysis of a significant security flaw in WorkflowKit, which has been assigned CVE-2024-27821. This vulnerability, dubbed the “WorkflowKit Race Vulnerability,” targets the...
Recently, Palo Alto Networks has released an in-depth analysis of FrostyGoop, also known as BUSTLEBERM, a sophisticated malware targeting operational technology (OT). This malware gained attention in July 2024 when...
CrowdStrike has revealed a new China-nexus state-sponsored adversary tracked as LIMINAL PANDA, which has been systematically targeting telecommunications providers since at least 2020. This revelation comes ahead of Adam Meyers,...
Veritas has released a security advisory regarding a critical remote code execution (RCE) vulnerability affecting multiple versions of its Enterprise Vault (EV) software. Rated as a CVSS v3.1 score of...
Aqua Nautilus security researchers have uncovered a novel attack vector where threat actors exploit misconfigured servers, particularly JupyterLab and Jupyter Notebook environments, to hijack computing resources for illegal live sports...
Ruckus APs running specific software versions are vulnerable to unauthenticated remote code execution attacks. Ruckus Networks has issued a security advisory warning of a critical remote code execution vulnerability affecting...
A recent report by Black Lotus Labs at Lumen Technologies has exposed the scale and sophistication of the NSOCKS botnet, a criminal proxy network built on the infamous ngioweb botnet....
D-Link has issued a security announcement concerning several End-of-Life (EOL) and End-of-Service (EOS) router models, including the DSR-150, DSR-150N, DSR-250, and DSR-250N. The advisory highlights a stack buffer overflow vulnerability...
ThreatFabric reveals a new tactic allowing fraudsters to anonymously drain stolen credit cards linked to mobile wallets. A new and concerning trend in financial cybercrime has surfaced, dubbed “Ghost Tap”...
As the e-commerce market continues to grow, so does the allure of online shopping. However, the rising tide of Black Friday deals has also attracted a wave of cybercriminal activity,...
Support Securityonline.info site. Thanks!
Akira Ransomware Exploit CVE-2024-40766 in SonicWall SonicOS
October 21, 2024
