Vulnerability Archives • Page 53 of 190 • Daily CyberSecurity

High-Severity Vulnerabilities Fixed in Latest Chrome Release CVE-2024-12692 & CVE-2024-12695

High-Severity Vulnerabilities Fixed in Latest Chrome Release

Ddos December 18, 2024

Google has released a crucial update for its Chrome browser, addressing five security vulnerabilities, several of which...

RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677 CVE-2024-50379 & CVE-2024-54677 Apache Tomcat Vulnerabilities

CVE-2024-50379 & CVE-2024-54677 Apache Tomcat Vulnerabilities

RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677

Ddos December 17, 2024

The Apache Software Foundation has released important security updates to address two vulnerabilities in Apache Tomcat, a...

CVE-2024-53376: CyberPanel Flaw Exposes Systems to Full Compromise, PoC Published CVE-2024-53376 PoC

CVE-2024-53376: CyberPanel Flaw Exposes Systems to Full Compromise, PoC Published

Ddos December 17, 2024

Security researcher Thanatos has uncovered a critical vulnerability (CVE-2024-53376) in CyberPanel, a popular web hosting control panel,...

CVE-2024-55949 (CVSS 9.3): Critical MinIO Flaw Allows Any User to Gain Full Admin Privileges MinIO Signature Bypass Unauthenticated Object Write MinIO Privilege Escalation, Policy Bypass CVE-2024-55949

MinIO Signature Bypass Unauthenticated Object Write MinIO Privilege Escalation, Policy Bypass CVE-2024-55949

CVE-2024-55949 (CVSS 9.3): Critical MinIO Flaw Allows Any User to Gain Full Admin Privileges

Ddos December 17, 2024

A newly discovered vulnerability in MinIO, the popular open-source object storage platform, could allow any user to...

HiatusRAT Campaign Targets Web Cameras and DVRs: FBI Warns of Rising IoT Exploits BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

BlueNoroff macOS Attack GhostCall Campaign Carding Underground Bulletproof Hosting DPRK Contagious Interview, npm Flood Stonefly group -HiatusRAT Actors

HiatusRAT Campaign Targets Web Cameras and DVRs: FBI Warns of Rising IoT Exploits

Ddos December 17, 2024

The FBI, in collaboration with CISA, has issued a new alert regarding the HiatusRAT malware campaign. The...

Spring Boot Actuator Misconfigurations: The Hidden Security Risks in Cloud Environments

Ddos December 17, 2024

A new report by Wiz Threat Research highlights critical misconfigurations in Spring Boot Actuator, exposing sensitive data...

Multiple Vulnerabilities in SHARP Routers Demand Urgent Firmware Updates CVE-2024-46873 and CVE-2024-45721

Multiple Vulnerabilities in SHARP Routers Demand Urgent Firmware Updates

Ddos December 17, 2024

The Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) has issued a warning about multiple critical vulnerabilities...

Massive Ransomware Campaign Targets DrayTek Routers Osiris Ransomware Inc Ransomware Connection CountLoader Massive Ransomware Campaign CVE-2025-0289

Osiris Ransomware Inc Ransomware Connection CountLoader Massive Ransomware Campaign CVE-2025-0289

Massive Ransomware Campaign Targets DrayTek Routers

Ddos December 17, 2024

Forescout Research – Vedere Labs, in collaboration with PRODAFT, has unveiled a massive ransomware campaign exploiting vulnerabilities...

CVE-2024-49112 (CVSS 9.8): Critical Windows LDAP Flaw Puts Networks at Risk of Remote Takeover PlayReady Leak, DRM Certificates Windows Server 2022 update Hyper-V confidential VM fix CVE-2024-49112 Microsoft Authenticator, password manager

PlayReady Leak, DRM Certificates Windows Server 2022 update Hyper-V confidential VM fix CVE-2024-49112 Microsoft Authenticator, password manager

CVE-2024-49112 (CVSS 9.8): Critical Windows LDAP Flaw Puts Networks at Risk of Remote Takeover

Ddos December 16, 2024

Microsoft has disclosed a critical Remote Code Execution (RCE) vulnerability in its Lightweight Directory Access Protocol (LDAP)...

Zero-Click HomeKit Exploit Used to Spy on Serbian Journalists HomeKit zero-click exploit

Zero-Click HomeKit Exploit Used to Spy on Serbian Journalists

Ddos December 16, 2024

A new report by Amnesty International reveals that NSO Group’s Pegasus spyware was used to target iPhones...

Hackers exploit critical Apache Struts RCE flaw (CVE-2024-53677) after PoC exploit release CoinMarketCap Hack, Inferno Drainer CVE-2024-53677 PoC Exploit

CoinMarketCap Hack, Inferno Drainer CVE-2024-53677 PoC Exploit

Hackers exploit critical Apache Struts RCE flaw (CVE-2024-53677) after PoC exploit release

Ddos December 16, 2024

Threat actors have begun exploiting a critical vulnerability in the Apache Struts framework, CVE-2024-53677, just days after...

CVE-2024-55661: RCE Vulnerability Discovered in Laravel Pulse Monitoring Tool Laravel Pulse - CVE-2024-55661

CVE-2024-55661: RCE Vulnerability Discovered in Laravel Pulse Monitoring Tool

Ddos December 16, 2024

A serious security flaw has been discovered in Laravel Pulse, a popular real-time application performance monitoring and...

Critical Windows and Adobe ColdFusion Vulnerabilities Actively Exploited in the Wild, PoC Exploit Published

Ddos December 16, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about two critical vulnerabilities...

CVE-2024-55875 (CVSS 9.8): Critical XXE Vulnerability Found in http4k Toolkit

Ddos December 16, 2024

A critical XML External Entity (XXE) Injection vulnerability, identified as CVE-2024-55875, has been discovered in the http4k...

CVE-2024-38819: Spring Framework Path Traversal PoC Exploit Released CVE-2024-38819 PoC

CVE-2024-38819: Spring Framework Path Traversal PoC Exploit Released

Ddos December 15, 2024

A critical vulnerability in the Spring Framework, tracked as CVE-2024-38819 (CVSS score 7.5), has been publicly disclosed,...

Open Sesame Attack: Ruijie Networks Devices Vulnerable to Remote Takeover Open Sesame attack - CVE-2024-52324

Open Sesame Attack: Ruijie Networks Devices Vulnerable to Remote Takeover

Ddos December 15, 2024

In a critical revelation highlighting the vulnerabilities of IoT ecosystems, Team82 has published a report detailing 10...

CVE-2024-45337: Golang Crypto Library Flawed, Risks Authorization Bypass

Ddos December 15, 2024

A critical security vulnerability, tracked as CVE-2024-45337 (CVSS 9.1), has been discovered in the Golang cryptography library....

CVE-2024-55884 (CVSS 9.0): Critical Vulnerability Found in Mullvad VPN

Ddos December 15, 2024

X41 D-Sec GmbH, a leading cybersecurity firm, has completed a white-box penetration test of the Mullvad VPN...

336,000 Prometheus Servers at Risk: Urgent Security Alert Screenshot 2024-12-15 135137

336,000 Prometheus Servers at Risk: Urgent Security Alert

Ddos December 15, 2024

In a recent investigation, Aqua Nautilus uncovered alarming security vulnerabilities within the Prometheus ecosystem. Their research highlights...

Multiple Critical Vulnerabilities Expose GLPI to Widespread Attacks GLPI - CVE-2024-50339

Multiple Critical Vulnerabilities Expose GLPI to Widespread Attacks

Ddos December 15, 2024

A series of critical security vulnerabilities have been discovered in GLPI (Gestionnaire Libre de Parc Informatique), a...

Critical Alert 1 Active Exploit Detected Today