New zero-day exploit targets Ivanti VPN product

Mandiant says it found malware in impacted devices associated with a Chinese-linked threat group.

The post New zero-day exploit targets Ivanti VPN product appeared first on CyberScoop.

Continue reading New zero-day exploit targets Ivanti VPN product

Hackaday Links: December 22, 2024

Hackaday Links Column Banner

Early Monday morning, while many of us will be putting the finishing touches — or just beginning, ahem — on our Christmas preparations, solar scientists will hold their collective breath …read more Continue reading Hackaday Links: December 22, 2024

Hackaday Links: December 22, 2024

Hackaday Links Column Banner

Early Monday morning, while many of us will be putting the finishing touches — or just beginning, ahem — on our Christmas preparations, solar scientists will hold their collective breath …read more Continue reading Hackaday Links: December 22, 2024

PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785)

Researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785, a critical remote code execution vulnerability affecting Progress WhatsUp Gold, a popular network monitoring solution for enterprises. CVE-2024-8785 and the PoC exploit CVE-… Continue reading PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785)

RomCom hackers chained Firefox and Windows zero-days to deliver backdoor

Russia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680, a remote code execution flaw in Firefox, and CVE-2024-49039, an elevation of privilege vulnerability in Windows Task Scheduler, as zero-days earlier this year. “Chai… Continue reading RomCom hackers chained Firefox and Windows zero-days to deliver backdoor