#auth

Craft CMS version 4.4.14 suffers from a PHP code injection vulnerability.

Chamilo version 1.11.18 suffers from a PHP code injection vulnerability.

Artica Proxy version 4.40 suffers from a code injection vulnerability that provides a reverse shell.

The ABB BMS/BAS controller suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'MODEM' HTTP POST parameter called by the dialupSwitch.php script.

The future of cybersecurity will be shaped by how well we manage the explosion of NHIs.

CISOs in consumer and retail organizations appear to accept greater risks to allow for more innovation, which could be a model for future growth.

Octo2 malware is targeting Android devices by disguising itself as popular apps like NordVPN and Google Chrome. This…

Threat actors constantly change tactics to bypass cybersecurity measures, developing innovative methods to steal user credentials. Hybrid password attacks merge multiple cracking techniques to amplify their effectiveness. These combined approaches exploit the strengths of various methods, accelerating the password-cracking process.  In this post, we’ll explore hybrid attacks — what they are

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks. It said the module is being used to enumerate other non-internet-facing devices on the network. The agency, however, did not disclose who

GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches. Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10. "An issue was discovered in GitLab EE