Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

Ubuntu Security Notice USN-7065-1

Ubuntu Security Notice 7065-1 - Damien Schaeffer discovered that Firefox did not properly manage memory in the content process when handling Animation timelines, leading to a use after free vulnerability. An attacker could possibly use this issue to achieve remote code execution.

Packet Storm
Open in Source
#vulnerability#web#ubuntu#rce#perl#firefox
Zero-day Flaws Exposed EV Chargers to Shutdowns and Data Theft

NCC Group experts share details of how they exploited critical zero-day vulnerabilities in Phoenix Contact EV chargers (electric…

WordPress File Manager Advanced Shortcode 2.3.2 Code Injectin / Shell Upload

WordPress File Manager Advanced Shortcode plugin version 2.3.2 suffers from a code injection vulnerability that allows for remote shell upload.

TOTOLINK 9.x Command Injection

TOTOLINK version 9.x suffers from a remote command injection vulnerability.

MagnusBilling 7.x Command Injection

MagnusBilling version 7.x suffers from a remote command injection vulnerability.

Bookstore Management System 1.0 SQL Injection

Bookstore Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration

A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions. That's according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate users configured in the appliance, and attempt to access the

5 Steps to Boost Detection and Response in a Multi-Layered Cloud

The link between detection and response (DR) practices and cloud security has historically been weak. As global organizations increasingly adopt cloud environments, security strategies have largely focused on "shift-left" practices—securing code, ensuring proper cloud posture, and fixing misconfigurations. However, this approach has led to an over-reliance on a multitude of DR tools spanning

THN Cybersecurity Recap: Top Threats, Tools and Trends (Oct 7 - Oct 13)

Hey there, it's your weekly dose of "what the heck is going on in cybersecurity land" – and trust me, you NEED to be in the loop this time. We've got everything from zero-day exploits and AI gone rogue to the FBI playing crypto kingpin – it's full of stuff they don't 🤫 want you to know. So let's jump in before we get FOMO. ⚡ Threat of the Week GoldenJackal Hacks Air-Gapped Systems: Meet

Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware

Threat actors are actively attempting to exploit a now-patched security flaw in Veeam Backup & Replication to deploy Akira and Fog ransomware. Cybersecurity vendor Sophos said it has been tracking a series of attacks in the past month leveraging compromised VPN credentials and CVE-2024-40711 to create a local account and deploy the ransomware. CVE-2024-40711, rated 9.8 out of 10.0 on the