Blackwing Intelligence has unearthed several vulnerabilities that enable circumvention of the Windows Hello authentication system on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. These security loopholes are attributable to...
ownCloud, a widely used open-source file sync and share solution, has recently been the target of three critical security vulnerabilities, each posing significant risks to user data and privacy. These vulnerabilities, if left unaddressed,...
strongSwan, a widely used open-source VPN software, has been found to harbor a critical security vulnerability that could allow remote attackers to execute arbitrary code on affected systems. This vulnerability, tracked as CVE-2023-41913, affects...
Security researchers have disclosed technical details for a Visual Studio Code remote code execution vulnerability (CVE-2023-36742, CVSS score of 7.8) and a public proof-of-concept (PoC) exploit. The flaw resides in VS Code versions 1.82.0...
In the realm of machine learning, Apache Submarine stands out as a popular end-to-end platform, empowering data scientists to navigate the entire machine-learning workflow. However, a recent vulnerability, CVE-2023-37924, has emerged, posing a potential...
A critical vulnerability was found in Atlassian Crowd, a popular user management and access control platform. This vulnerability, known as CVE-2023-22521, poses a significant threat to organizations utilizing Crowd, warranting immediate attention and remediation....
In a recent security advisory, Atlassian has disclosed a critical remote code execution (RCE) vulnerability affecting Bamboo Data Center and Server versions 8.1.0 through 9.3.0. This high-severity vulnerability, identified as CVE-2023-22516, allows an authenticated...
A severe security vulnerability, identified as CVE-2023-4149, has been discovered in the WAGO Industrial Managed Switch, posing a significant threat to industrial control systems (ICS) and critical infrastructure environments. This vulnerability, characterized by a...
In a recent joint Cybersecurity Advisory (CSA) issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing & Analysis Center (MS-ISAC), and the Australian Cyber...
Security researchers have deconstructed the patch released by Microsoft and crafted a proof-of-concept (PoC) exploit for the CVE-2023-36025 vulnerability. This flaw has been discovered and patched, but not before it was actively exploited by...
Synology, a leading network-attached storage (NAS) and surveillance solution provider has recently addressed critical security vulnerabilities affecting its Synology Camera BC500 and TC500 models. These vulnerabilities, discovered during the PWN2OWN 2023 security competition, could...
This year marks a significant milestone for Microsoft – the tenth anniversary of its Bug Bounty Program. Launched in 2013, this initiative has become a cornerstone of Microsoft’s cybersecurity strategy, awarding over $60 million...
Security researchers from Trend Micro have recently unveiled the active exploitation of a critical vulnerability in Apache ActiveMQ, identified as CVE-2023-46604. This breach is being used to infiltrate Linux systems with the notorious Kinsing...
A critical remote code execution (RCE) vulnerability, designated as CVE-2023-46302, has been discovered in Apache Submarine, an end-to-end machine learning (ML) platform. This vulnerability, stemming from a security flaw in snakeyaml (CVE-2022-1471), poses a...
Cybersecurity researcher Yordan has released the details, and a proof-of-concept (PoC) exploit for a high-severity vulnerability (CVE-2023-2598, CVSS score of 7.8) that exists in Linux kernel 6.3-rc1. Discovered by white hat hacker Tobias Holl,...
Secure Your Connection
