SmuggleFuzz SmuggleFuzz is designed to assist in identifying HTTP downgrade attack vectors. Its standout feature is not just the time-based detection or request handling, but the detailed response information it provides. This empowers users...
A recently discovered flaw in the GNU C Library’s (glibc) iconv function (CVE-2024-2961) carries severe implications for web applications built on PHP. This vulnerability, which allows for out-of-bounds memory writes, could enable remote attackers...
Exploit code is now available for a critical vulnerability (CVE-2024-29204) that has been identified in Ivanti Avalanche, a widely deployed mobile device management (MDM) solution used by enterprises. This flaw, rated 9.8 on the...
Cisco customers are facing an increased risk of attack as publicly accessible exploit code has emerged for CVE-2024-20356, a critical vulnerability in Cisco’s Integrated Management Controller (IMC). This vulnerability could allow authenticated attackers with...
The ClamAV development team has released urgent security patches for its popular open-source antivirus software. The patches address a high-severity vulnerability, designated CVE-2024-20380 (CVSS 7.5), that could allow unauthenticated, remote attackers to crash ClamAV...
A detailed analysis by Sucuri, a leading website security firm, has uncovered a sophisticated malware campaign that has shifted strategies to become more elusive and harder to detect. The hackers behind this campaign are...
A recent security advisory has shed light on a vulnerability (CVE-2024-32462) within Flatpak, a popular framework for packaging and distributing Linux applications. This vulnerability could allow a malicious or compromised Flatpak app to exploit...
Kaspersky Labs researchers have revealed a new, targeted malware campaign dubbed “DuneQuixote” with a focus on government entities within the Middle East. The campaign, active since at least February 2023, utilizes a custom malware...
A new technical analysis by Seqrite cybersecurity researchers has revealed alarming upgrades to the GhostLocker ransomware. This notorious Ransomware-as-a-Service (RaaS) framework, operated by the hacktivist group GhostSec, has undergone a significant evolution. Its new...
Keycloak, a widely used open-source solution for authentication and authorization, has released important security updates addressing multiple vulnerabilities. These flaws, which could open the door for denial of service attacks or expose sensitive data,...
Security researchers at Avast have uncovered a sophisticated cyber espionage campaign linked to the infamous Lazarus Group. The attackers are targeting individuals in Asia, using fake job offers and a series of advanced hacking...
A recent security advisory reveals multiple critical vulnerabilities in the widely used Forminator WordPress plugin, potentially exposing over 500,000 websites to malicious attacks. These vulnerabilities could allow attackers to compromise websites, steal sensitive data,...
Cisco Talos security researchers have uncovered a persistent, multi-component virus known as OfflRouter that has been quietly infecting Ukrainian systems and stealing sensitive documents since 2015. This unusual malware highlights the enduring dangers of...
Microsoft Threat Intelligence has uncovered a new attack campaign targeting Kubernetes clusters running the popular open-source metadata platform, OpenMetadata. Attackers are exploiting a series of recently disclosed critical vulnerabilities to gain access to workloads...
HashiCorp has issued an urgent security advisory regarding a critical vulnerability (CVE-2024-3817) within its widely used go-getter library. The vulnerability could allow attackers to inject malicious code during Git operations, potentially leading to the...
Secure Your Connection
