News Archives • Page 367 of 632 • Daily CyberSecurity

CVE-2024-44308 and CVE-2024-44309: Apple Addresses Zero-Day Vulnerabilities DarkSword exploit kit iOS 18.7.7 security update CVE-2024-44308 & CVE-2024-44309 Apple appeal, Epic Games lawsuit

DarkSword exploit kit iOS 18.7.7 security update CVE-2024-44308 & CVE-2024-44309 Apple appeal, Epic Games lawsuit

CVE-2024-44308 and CVE-2024-44309: Apple Addresses Zero-Day Vulnerabilities

Ddos November 19, 2024

Apple users are urged to update their devices immediately following the discovery of two critical zero-day vulnerabilities...

CISA Warns of Actively Exploited Vulnerabilities in Kemp LoadMaster and Palo Alto Networks PAN-OS State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

State-Sponsored Exploitation CISA KEV Catalog F5 BIG-IP RCE CISA KEV Catalog SolarWinds WHD Exploit CVE-2025-40551 Zimbra XSS Zero-Day CVE-2025-27915 Exploited Windows Security Vulnerabilities

CISA Warns of Actively Exploited Vulnerabilities in Kemp LoadMaster and Palo Alto Networks PAN-OS

Ddos November 19, 2024

Critical flaws in widely-used networking and security products demand immediate attention from administrators. The Cybersecurity and Infrastructure...

Phobos Ransomware Administrator Extradited to US to Face Charges Evgenii Ptitsyn - Phobos ransomware

Phobos Ransomware Administrator Extradited to US to Face Charges

Ddos November 19, 2024

Evgenii Ptitsyn, a Russian national, faces a 13-count indictment for his alleged role in a global ransomware...

Phishing Alert: Government Impersonation Attacks Surge via DocuSign DocuSign phishing attacks

Phishing Alert: Government Impersonation Attacks Surge via DocuSign

Ddos November 19, 2024

Cybercriminals are leveraging the trusted reputation of government agencies to deceive businesses, with DocuSign phishing attacks on...

From CVE to PoC: A Collection Maps Windows Privilege Escalation Landscape Windows Privilege Escalation Vulnerabilities

From CVE to PoC: A Collection Maps Windows Privilege Escalation Landscape

Ddos November 18, 2024

Security researcher Michael Zhmaylo has assembled a comprehensive collection of publicly disclosed exploits for Local Privilege Escalation...

CVE-2024-52308: GitHub CLI Vulnerability Could Allow Remote Code Execution

Ddos November 18, 2024

A critical security vulnerability (CVE-2024-52308) in the GitHub Command Line Interface (CLI) has been identified, potentially enabling...

LibreNMS Vulnerability (CVE-2024-51092): Mitigating the Risk of Server Compromise CVE-2024-51092 - LibreNMS

LibreNMS Vulnerability (CVE-2024-51092): Mitigating the Risk of Server Compromise

Ddos November 18, 2024

A recent security advisory from the LibreNMS project has revealed a severe vulnerability (CVE-2024-51092) affecting versions up...

Actively Exploited VMware Vulnerabilities (CVE-2024-38812 & CVE-2024-38813) Threaten Virtualized Infrastructure

Ddos November 18, 2024

Broadcom has updated an urgent security advisory following confirmation of in-the-wild exploitation of two critical vulnerabilities affecting...

North Korean Hackers Target Job Seekers with Malware-Laced Video Apps CL-STA-0237

North Korean Hackers Target Job Seekers with Malware-Laced Video Apps

Ddos November 18, 2024

A recent report by Unit 42 researchers uncovers a complex phishing campaign linked to a cluster of...

Trio of Apache Tomcat Flaws Disclosed: Authentication Bypass, HTTP/2 Request Mix-Up, and XSS Flaw CVE-2023-45648 Apache Tomcat Security Encryption Bypass

CVE-2023-45648 Apache Tomcat Security Encryption Bypass

Trio of Apache Tomcat Flaws Disclosed: Authentication Bypass, HTTP/2 Request Mix-Up, and XSS Flaw

Ddos November 18, 2024

The Apache Software Foundation has recently disclosed three new vulnerabilities affecting Apache Tomcat, a widely-used open-source web...

BabbleLoader: The Polyglot Malware Evading Both Traditional and AI Defenses BabbleLoader malware

BabbleLoader: The Polyglot Malware Evading Both Traditional and AI Defenses

Ddos November 18, 2024

In a recent analysis, security researcher Ryan Robinson from Intezer has detailed the highly sophisticated malware loader,...

CVE-2024-31141: Apache Kafka Vulnerability Exposes User Data to Potential Attackers Kafka Authentication Bypass JWT Signature Validation Apache Kafka - CVE-2024-27309 & CVE-2024-31141

Kafka Authentication Bypass JWT Signature Validation Apache Kafka - CVE-2024-27309 & CVE-2024-31141

CVE-2024-31141: Apache Kafka Vulnerability Exposes User Data to Potential Attackers

Ddos November 18, 2024

A newly discovered vulnerability in Apache Kafka, the popular open-source event streaming platform, could allow attackers to...

Critical Vulnerabilities Found in Baxter Life2000 Ventilation System WAGO, vulnerability, industrial automation BlockBlasters, Steam malware Baxter Life2000 Ventilation System - CVE-2024-48966

WAGO, vulnerability, industrial automation BlockBlasters, Steam malware Baxter Life2000 Ventilation System - CVE-2024-48966

Critical Vulnerabilities Found in Baxter Life2000 Ventilation System

Ddos November 18, 2024

The Baxter Life2000 Ventilation System, a key healthcare device used in critical infrastructure sectors, has been found...

DNS Predators Exploit “Sitting Ducks” Attack to Hijack Domains and Expand Cyber Operation Sitting Ducks attack

DNS Predators Exploit “Sitting Ducks” Attack to Hijack Domains and Expand Cyber Operation

Ddos November 18, 2024

A recent report from Infoblox Threat Intel sheds light on an underreported yet pervasive cyber threat: the...

CVE-2024-0012 and CVE-2024-9474: Actively Exploited Vulnerabilities Impact Palo Alto Networks PAN-OS

Ddos November 18, 2024

Palo Alto Networks has issued critical advisories regarding two actively exploited vulnerabilities in their PAN-OS software, posing...

“Water Barghest” Botnet Hijacks 20,000 IoT Devices for Profit Mozi Botnet AI bots

“Water Barghest” Botnet Hijacks 20,000 IoT Devices for Profit

Ddos November 18, 2024

Trend Micro researchers have unveiled the operations of a sophisticated botnet, dubbed “Water Barghest.” By October 2024,...

Critical Vulnerabilities in Citrix Virtual Apps and Desktops Actively Exploited CVE-2024-8068 & CVE-2024-8069 - Citrix Session Recording Manager

CVE-2024-8068 & CVE-2024-8069 - Citrix Session Recording Manager

Critical Vulnerabilities in Citrix Virtual Apps and Desktops Actively Exploited

Ddos November 18, 2024

Two vulnerabilities in Citrix’s “Virtual Apps and Desktops” remote access solution, CVE-2024-8068 and CVE-2024-8069, are actively being...

PoC Exploit Releases for Zero-Day CVE-2024-47575 Flaw in Fortinet FortiManager CVE-2024-47575 PoC exploit

PoC Exploit Releases for Zero-Day CVE-2024-47575 Flaw in Fortinet FortiManager

Ddos November 17, 2024

Security researcher Sina Kheirkhah from watchTowr recently published technical details and a proof-of-concept (PoC) exploit for a...

WezRat: The Modular Infostealer Weaponized by Iranian Cyber Group Emennet Pasargad WezRat malware

WezRat: The Modular Infostealer Weaponized by Iranian Cyber Group Emennet Pasargad

Ddos November 17, 2024

In a comprehensive analysis released by Check Point Research (CPR), the WezRat infostealer has been identified as...

Sonatype Nexus Repository 2 Hit By RCE (CVE-2024-5082) and XSS (CVE-2024-5083) Flaws Nexus Repository RCE Supply Chain Security Nexus Repository Manager - CVE-2024-5082 & CVE-2024-5083

Sonatype Nexus Repository 2 Hit By RCE (CVE-2024-5082) and XSS (CVE-2024-5083) Flaws

Ddos November 17, 2024

Sonatype has issued two security advisories for its Nexus Repository Manager 2.x, a popular repository manager used...

Critical Alert 1 Active Exploit Detected Today