The Spring Framework, a cornerstone of countless enterprise Java applications, recently revealed a significant vulnerability (CVE-2024-22243). This high-severity flaw could enable attackers to exploit applications that process external URLs, potentially leading to open redirect...
Atlassian has released a security update addressing CVE-2024-21678 (CVSS 8.5), a high-severity stored cross-site scripting (XSS) vulnerability impacting multiple Confluence Server and Data Center versions. Organizations using the affected software must prioritize immediate patching...
Creates, a popular online retailer of hair styling tools, has suffered a significant data breach that exposed credit card details, names, addresses, and possibly even more sensitive personal information belonging to thousands of customers....
A serious vulnerability jeopardizes the security of WordPress websites using the popular RSS Aggregator by the Feedzy plugin. With over 50,000 active installations, WordPress users must understand the risks and take immediate action. Versions...
Open-source code is the backbone of modern software, but it’s becoming a prime target for cybercriminals. ReversingLabs researchers recently unmasked a sneaky new attack on PyPI, Python’s package manager. The attackers hid malicious code...
CrimsonEDR CrimsonEDR is an open-source project engineered to identify specific malware patterns, offering a tool for honing skills in circumventing Endpoint Detection and Response (EDR). By leveraging diverse detection methods, it empowers users to...
A recent discovery by Sonar’s Vulnerability Research Team has exposed a major security issue within the popular Joomla Content Management System (CMS). This vulnerability, designated CVE-2024-21726, opens the door to multiple Cross-Site Scripting (XSS)...
The RansomHouse ransomware group exemplifies the sophisticated, profitable, and adaptable nature of modern cyber extortion campaigns. Emerging in late 2021, their operations blend technical efficiency with psychological pressure, maximizing their potential takings. RansomHouse’s double...
VMware has released an urgent security advisory regarding two critical vulnerabilities within its now-deprecated Enhanced Authentication Plug-in (EAP). If left unaddressed, threat actors could exploit these flaws (CVE-2024-22245 and CVE-2024-22250) to hijack user sessions and...
The Lazarus Group, a skilled North Korean state-sponsored hacking collective, continues to aggressively target entities in the global defense sector. Their goal: To bolster North Korea’s military capabilities through the theft of sensitive blueprints,...
In a chilling development, ConnectWise issued a critical security advisory on February 19, 2024, exposing two gaping security vulnerabilities in its popular ScreenConnect remote access software. The most severe of these bugs, an authentication...
A recently disclosed vulnerability in Spring Security (CVE-2024-22234, CVSS 7.4) could lead to unauthorized access within affected Java web applications. Organizations leveraging Spring Security for authentication and authorization should prioritize mitigation to address the...
Recent disclosures have highlighted multiple security vulnerabilities within the Apache DolphinScheduler workflow scheduling platform. These vulnerabilities demand immediate attention from administrators and security professionals responsible for the deployment of this software. Vulnerability Snapshot CVE-2023-49250...
Since September 2023, security researchers from Cisco Talos have observed a sharp increase in malicious emails designed to infect victims with banking trojans. Of particular concern is the exploitation of Google Cloud Run for...
Check Point’s in-depth threat analysis illuminates the ongoing operations of the advanced persistent threat (APT) group Earth Preta. While extensively monitored for its European activity, a significant focus on Asian targets is undeniable. Key...
Secure Your Connection
