Latest News
**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 131.0.2903.112 12/19/2024 131.0.6778.205
**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 131.0.2903.112 12/19/2024 131.0.6778.205
**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 131.0.2903.112 12/19/2024 131.0.6778.205
In the last newsletter of the year, Thorsten recalls his tech-savvy gift to his family and how we can all incorporate cybersecurity protections this holiday season.
Cisco Talos’ Vulnerability Research team recently disclosed three out-of-bounds read vulnerabilities in Adobe Acrobat Reader, and two use-after-free vulnerabilities in Foxit Reader. These vulnerabilities exist in Adobe Acrobat Reader and Foxit Reader, two of the most popular and feature-rich PDF readers on the market. The vulnerabilities
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML configuration files.
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core up to and including version 1.5.12 in Java applications allows attackers to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious logback configuration files can allow the attacker to execute arbitrary code using the JaninoEventEvaluator extension. A successful attack requires the user to have write access to a configuration file. Alternatively, the attacker could inject a malicious environment variable pointing to a malicious configuration file. In both cases, the attack requires existing privilege.
A newly discovered vulnerability, CVE-2024-53677, in the aging Apache framework is going to cause major headaches for IT teams, since patching isn't enough to fix it.
TP-Link is being investigated for alleged predatory pricing practices, which may be driven by ulterior motives.