A bombshell awaits the cybersecurity world at the upcoming t2 Infosec Conference. Security researchers Christer, Claes, and Marcus of signedness.org have uncovered a severe flaw (CVE-2024-29937) in Network File System (NFS) implementations used by...
Organizations relying on Fortra FileCatalyst Workflow, a widely-used enterprise file transfer solution, are at severe risk due to a newly disclosed remote code execution (RCE) vulnerability (CVE-2024-25153, CVSS 9.8) and a proof-of-concept (PoC) exploit...
In September 2023, the infamous Russian-linked cyber-espionage group APT29 flexed its muscle again, this time targeting embassies of several nations with a well-crafted attack. The group exploited a critical vulnerability in WinRAR (CVE-2023-38831) to...
Security researchers have disclosed technical details for a Visual Studio Code remote code execution vulnerability (CVE-2023-36742, CVSS score of 7.8) and a public proof-of-concept (PoC) exploit. The flaw resides in VS Code versions 1.82.0...
In the vast world of container security, NeuVector, developed and maintained by SUSE, stands tall as a beacon of protection for containerized environments throughout their entire lifecycle. Its comprehensive suite of tools and features...
At least three routers made by Australian telecommunications equipment company NetComm Wireless are affected by two serious vulnerabilities that can be exploited remotely to take control of affected devices. The Netcomm NF20Mesh router is...
Linux machines running distributions powered by kernels prior to 5.15.61 are affected by use after free flaw, related to ksmbd, exposing vulnerable systems to remote attacks. KSMBD is an open-source In-kernel CIFS/SMB3 server created...
PHP Everywhere is an open-source WordPress plugin, that enables PHP code everywhere in your WordPress installation. Using this plugin you can use PHP in Pages, Posts, Sidebar. Everywhere you can place a Gutenberg block....
On May 9, Spring released several security announcements that fixed several security vulnerabilities, including a high-risk remote code execution vulnerability. CVE-2018-1257 (High) Some versions of the Spring Framework allow applications to expose STOMPs on...
On March 13, 2018, Adobe releases the security update to fix vulnerabilities in Adobe Flash Player, Adobe Connect, and Adobe Dreamweaver. A remote attacker could exploit these vulnerabilities to take control of an affected system. The...