Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

Red Hat Security Advisory 2024-5813-03

Red Hat Security Advisory 2024-5813-03 - An update for bind and bind-dyndb-ldap is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Packet Storm
Open in Source
#vulnerability#linux#red_hat#js#ldap#auth
Red Hat Security Advisory 2024-5812-03

Red Hat Security Advisory 2024-5812-03 - An update for httpd is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Login System Project 1.0 SQL Injection

Login System Project version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China.

Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors

The China-nexus cyber espionage group tracked as Volt Typhoon has been attributed with moderate confidence to the zero-day exploitation of a recently disclosed high-severity security flaw impacting Versa Director. The attacks targeted four U.S. victims and one non-U.S. victim in the Internet service provider (ISP), managed service provider (MSP) and information technology (IT) sectors as early

CTEM in the Spotlight: How Gartner's New Categories Help to Manage Exposures

Want to know what’s the latest and greatest in SecOps for 2024? Gartner’s recently released Hype Cycle for Security Operations report takes important steps to organize and mature the domain of Continuous Threat Exposure Management, aka CTEM. Three categories within this domain are included in this year’s report: Threat Exposure Management, Exposure Assessment Platforms (EAP), and Adversarial

TDECU data breach affects half a million people

The Texas Dow Employees Credit Union (TDECU) has disclosed a data breach of 500,474 people, related to the MOVEit vulnerability.

Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 Copilot

Details have emerged about a now-patched vulnerability in Microsoft 365 Copilot that could enable the theft of sensitive user information using a technique called ASCII smuggling. "ASCII Smuggling is a novel technique that uses special Unicode characters that mirror ASCII but are actually not visible in the user interface," security researcher Johann Rehberger said. "This means that an attacker

Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation

Google has revealed that a security flaw that was patched as part of a security update rolled out last week to its Chrome browser has come under active exploitation in the wild. Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine. "Inappropriate implementation in V8 in Google Chrome prior to

GHSA-22xm-w7r2-834q: FastAPI Admin cross-site scripting (XSS) vulnerability in the Create Product function

A cross-site scripting (XSS) vulnerability in the Create Product function of fastapi-admin pro v0.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.