Vulnerabilities | News, how-tos, features, reviews, and videos
Gigabyte firmware component can be abused as a backdoor
Attackers can abuse the UEFI firmware to inject executable malware code into the Windows kernel, compromising systems.
Inactive, unmaintained Salesforce sites vulnerable to threat actors
Research highlights the risks posed by inactive Salesforce sites that continue to pull sensitive business data and can be easily exploited by malicious actors.
Barracuda patches zero-day vulnerability exploited since October
The vulnerability stemmed from incomplete input validation of user-supplied .tar files.
New phishing technique poses as a browser-based file archiver
The new technique has an attacker simulate an archiving app inside the web browser to trick victims as they try to access a .zip domain.
How to check for new exploits in real time? VulnCheck has an answer
VulnCheck’s new database tracks exploits for fresh vulnerabilities in real time and allows for search using CVE IDs.
Critical remote code execution flaws patched in Cisco small business switches
Some of the vulnerabilities could lead to complete compromise of the device, and a proof of concept is publicly available.
Hackers exploit WordPress vulnerability within hours of PoC exploit release
Exploiting the vulnerability enables a cross-site scripting (XSS) attack in which a threat actor can inject malicious scripts, redirects, advertisements, and other forms of URL manipulation into a victim site.
Microsoft fixes bypass for critical Outlook zero-click flaw patch
Microsoft rates the new Outlook vulnerability as medium severity, but Akamai researchers say it should be higher.
Azure API Management flaws highlight server-side request forgery risks in API development
New SSRF vulnerabilities highlight the weaknesses of using blacklisting techniques as a defense mechanism.
Microsoft patches 3 vulnerabilities in Azure API Management
The vulnerabilities comprise URL formatting bypasses and an unrestricted file upload function in the API Management developer portal, according to cybersecurity firm Ermetic.
Cybercrime group FIN7 targets Veeam backup servers
At least two Veeam instances have been compromised, possibly using a vulnerability patched in March.
New DDoS amplification vector could enable massive attacks
A vulnerability in the Service Location Protocol on internet-connected devices could create a DDoS amplification factor of up to 2,200x.
Cisco patches high and critical flaws across several products
Left unmitigated, the vulnerabilities could lead to unauthorized remote access, denial of service attacks, or privilege escalation.
Weak credentials, unpatched vulnerabilities, malicious OSS packages causing cloud security risks
Security teams take an average of 145 hours to solve alerts, while 80% of cloud alerts are triggered by just 5% of security rules in most environments.
Google urges users to update Chrome to address zero-day vulnerability
Google has released Chrome version 112.0.5615.121 to address a vulnerability that can allow malicious code execution on Windows, Mac, and Linux systems.
Microsoft patches vulnerability used in Nokoyawa ransomware attacks
The vulnerability identified as CVE-2023-28252 is a privilege escalation flaw affecting the Windows Common Log File System driver.
Why you should patch the Windows QueueJumper vulnerability immediately
A critical flaw in Microsoft Message Queuing Service is likely to be exploited as many organizations could be unaware that it is active.
OpenAI starts bug bounty program with cash rewards up to $20,000
Based on the severity and impact of the reported vulnerability, OpenAI will hand out cash rewards ranging from $200 for low-severity findings up to $20,000 for exceptional discoveries.