87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113)

Last week, CISA added CVE-2024-23113 – a critical vulnerability that allows unauthenticated remote code/command execution on unpatched Fortinet FortiGate firewalls – to its Known Exploited Vulnerabilities catalog, thus confirming that it&#8… Continue reading 87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113)

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)

Mozilla has pushed out an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) that is being exploited in the wild. About CVE-2024-9680 Reported by ESET malware researcher Damien Schaeffer, CVE-2024-9680 is a… Continue reading Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)

For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug affecting the Windows MSHTML Platform, and CVE-2024-43572, a remote code execution fl… Continue reading Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)

Qualcomm zero-day under targeted exploitation (CVE-2024-43047)

An actively exploited zero-day vulnerability (CVE-2024-43047) affecting dozens of Qualcomm’s chipsets has been patched by the American semiconductor giant. About CVE-2024-43047 On Monday, Qualcomm has confirmed patches for 20 vulnerabilities affe… Continue reading Qualcomm zero-day under targeted exploitation (CVE-2024-43047)

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)

Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations. Proofpoint’s threat researchers say that the attacks started on September 28 – sev… Continue reading Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)

CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE

After much hyping and following prematurely leaked information by a third party, security researcher Simone Margaritelli has released details about four zero-day vulnerabilities in the Common UNIX Printing System (CUPS) that can be abused by remote, un… Continue reading CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)

Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by unauthenticated attackers to remotely read and modify all help desk ticket details, are… Continue reading PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)

Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)

CVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency (CISA), which … Continue reading Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)

Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)

Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged Passwords (SPP), which could allow attackers to gain full administrative access to … Continue reading Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)

Critical VMware vCenter Server bugs fixed (CVE-2024-38812)

Broadcom has released fixes for two vulnerabilities affecting VMware vCenter Server that can be triggered by sending a specially crafted network packet, and could lead to remote code execution (CVE-2024-38812) or privilege escalation (CVE-2024-38813). … Continue reading Critical VMware vCenter Server bugs fixed (CVE-2024-38812)