Vulnerability Archives • Page 53 of 190 • Daily CyberSecurity

CVE-2024-51479: Next.js Authorization Bypass Vulnerability Affects Millions of Developers

Do Son December 18, 2024

A recently disclosed security vulnerability in Next.js, a popular React framework used by millions of developers worldwide,...

VIPKeyLogger: A New Infostealer Targeting Sensitive Data via Phishing Campaigns UAT-8099 BadIIS Malware Pacific Islands Forum Cyberattack

VIPKeyLogger: A New Infostealer Targeting Sensitive Data via Phishing Campaigns

Do Son December 18, 2024

Forcepoint researchers have uncovered an alarming rise in activity involving a new infostealer malware named VIPKeyLogger. Distributed...

Azure Key Vault Vulnerability: Exploiting Role Misconfigurations for Privilege Escalation Azure outage, Front Door Microsoft Azure Surveillance, Gaza Call Records Red Sea cables, Azure outage MFA enforcement Azure outage, Red Sea cables Azure Key Vault Azure, Surveillance

Azure outage, Front Door Microsoft Azure Surveillance, Gaza Call Records Red Sea cables, Azure outage MFA enforcement Azure outage, Red Sea cables Azure Key Vault Azure, Surveillance

Azure Key Vault Vulnerability: Exploiting Role Misconfigurations for Privilege Escalation

Do Son December 18, 2024

Datadog Security Labs has uncovered a potential privilege escalation method in Azure Key Vault that could grant...

CVE-2024-10205: Critical Authentication Bypass Flaw Found in Hitachi Infrastructure Analytics Advisor and Ops Center Analyzer

Do Son December 18, 2024

Hitachi Vantara has disclosed a critical authentication bypass vulnerability (CVE-2024-10205) affecting its Infrastructure Analytics Advisor and Ops...

CVE-2024-12356 (CVSS 9.8): Critical Vulnerability in BeyondTrust PRA and RS Enables Remote Code Execution BeyondTrust Vulnerability CVE-2026-1731 CVE-2024-12356 - CVE-2025-0889 BeyondTrust Privilege Escalation, Windows Security

CVE-2024-12356 (CVSS 9.8): Critical Vulnerability in BeyondTrust PRA and RS Enables Remote Code Execution

Do Son December 18, 2024

A critical command injection vulnerability (CVE-2024-12356) has been discovered in BeyondTrust’s Privileged Remote Access (PRA) and Remote...

Data Exfiltration and RCE Risks Found in Azure Data Factory’s Airflow Integration Azure Data Factory Apache Airflow - Dirty DAG vulnerabilities

Azure Data Factory Apache Airflow - Dirty DAG vulnerabilities

Data Exfiltration and RCE Risks Found in Azure Data Factory’s Airflow Integration

Do Son December 18, 2024

Unit 42 researchers have uncovered multiple vulnerabilities in Azure Data Factory’s managed Apache Airflow integration, potentially enabling...

High-Severity Vulnerabilities Fixed in Latest Chrome Release CVE-2024-12692 & CVE-2024-12695

High-Severity Vulnerabilities Fixed in Latest Chrome Release

Do Son December 18, 2024

Google has released a crucial update for its Chrome browser, addressing five security vulnerabilities, several of which...

RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677 CVE-2024-50379 & CVE-2024-54677 Apache Tomcat Vulnerabilities

CVE-2024-50379 & CVE-2024-54677 Apache Tomcat Vulnerabilities

RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677

Do Son December 17, 2024

The Apache Software Foundation has released important security updates to address two vulnerabilities in Apache Tomcat, a...

CVE-2024-53376: CyberPanel Flaw Exposes Systems to Full Compromise, PoC Published CVE-2024-53376 PoC

CVE-2024-53376: CyberPanel Flaw Exposes Systems to Full Compromise, PoC Published

Do Son December 17, 2024

Security researcher Thanatos has uncovered a critical vulnerability (CVE-2024-53376) in CyberPanel, a popular web hosting control panel,...

CVE-2024-55949 (CVSS 9.3): Critical MinIO Flaw Allows Any User to Gain Full Admin Privileges MinIO Signature Bypass Unauthenticated Object Write MinIO Privilege Escalation, Policy Bypass CVE-2024-55949

MinIO Signature Bypass Unauthenticated Object Write MinIO Privilege Escalation, Policy Bypass CVE-2024-55949

CVE-2024-55949 (CVSS 9.3): Critical MinIO Flaw Allows Any User to Gain Full Admin Privileges

Do Son December 17, 2024

A newly discovered vulnerability in MinIO, the popular open-source object storage platform, could allow any user to...

HiatusRAT Campaign Targets Web Cameras and DVRs: FBI Warns of Rising IoT Exploits BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

HiatusRAT Campaign Targets Web Cameras and DVRs: FBI Warns of Rising IoT Exploits

Do Son December 17, 2024

The FBI, in collaboration with CISA, has issued a new alert regarding the HiatusRAT malware campaign. The...

Spring Boot Actuator Misconfigurations: The Hidden Security Risks in Cloud Environments

Do Son December 17, 2024

A new report by Wiz Threat Research highlights critical misconfigurations in Spring Boot Actuator, exposing sensitive data...

Multiple Vulnerabilities in SHARP Routers Demand Urgent Firmware Updates CVE-2024-46873 and CVE-2024-45721

Multiple Vulnerabilities in SHARP Routers Demand Urgent Firmware Updates

Do Son December 17, 2024

The Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) has issued a warning about multiple critical vulnerabilities...

Massive Ransomware Campaign Targets DrayTek Routers Osiris Ransomware Inc Ransomware Connection CountLoader Massive Ransomware Campaign CVE-2025-0289

Osiris Ransomware Inc Ransomware Connection CountLoader Massive Ransomware Campaign CVE-2025-0289

Massive Ransomware Campaign Targets DrayTek Routers

Do Son December 17, 2024

Forescout Research – Vedere Labs, in collaboration with PRODAFT, has unveiled a massive ransomware campaign exploiting vulnerabilities...

CVE-2024-49112 (CVSS 9.8): Critical Windows LDAP Flaw Puts Networks at Risk of Remote Takeover PlayReady Leak, DRM Certificates Windows Server 2022 update Hyper-V confidential VM fix CVE-2024-49112 Microsoft Authenticator, password manager

PlayReady Leak, DRM Certificates Windows Server 2022 update Hyper-V confidential VM fix CVE-2024-49112 Microsoft Authenticator, password manager

CVE-2024-49112 (CVSS 9.8): Critical Windows LDAP Flaw Puts Networks at Risk of Remote Takeover

Do Son December 16, 2024

Microsoft has disclosed a critical Remote Code Execution (RCE) vulnerability in its Lightweight Directory Access Protocol (LDAP)...

Zero-Click HomeKit Exploit Used to Spy on Serbian Journalists HomeKit zero-click exploit

Zero-Click HomeKit Exploit Used to Spy on Serbian Journalists

Do Son December 16, 2024

A new report by Amnesty International reveals that NSO Group’s Pegasus spyware was used to target iPhones...

Hackers exploit critical Apache Struts RCE flaw (CVE-2024-53677) after PoC exploit release CoinMarketCap Hack, Inferno Drainer CVE-2024-53677 PoC Exploit

CoinMarketCap Hack, Inferno Drainer CVE-2024-53677 PoC Exploit

Hackers exploit critical Apache Struts RCE flaw (CVE-2024-53677) after PoC exploit release

Do Son December 16, 2024

Threat actors have begun exploiting a critical vulnerability in the Apache Struts framework, CVE-2024-53677, just days after...

CVE-2024-55661: RCE Vulnerability Discovered in Laravel Pulse Monitoring Tool Laravel Pulse - CVE-2024-55661

CVE-2024-55661: RCE Vulnerability Discovered in Laravel Pulse Monitoring Tool

Do Son December 16, 2024

A serious security flaw has been discovered in Laravel Pulse, a popular real-time application performance monitoring and...

Critical Windows and Adobe ColdFusion Vulnerabilities Actively Exploited in the Wild, PoC Exploit Published

Do Son December 16, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about two critical vulnerabilities...

CVE-2024-55875 (CVSS 9.8): Critical XXE Vulnerability Found in http4k Toolkit

Do Son December 16, 2024

A critical XML External Entity (XXE) Injection vulnerability, identified as CVE-2024-55875, has been discovered in the http4k...

Critical Alert 2 Active Exploits Detected Today