Collaborate Disseminate
The latest Apache OFBiz update patches CVE-2024-45195, a bypass of a recently disclosed remote code execution bug exploited in attacks.
The post Apache Makes Another Attempt at Patching Exploited RCE in OFBiz appeared first on SecurityWeek.
Continue reading Apache Makes Another Attempt at Patching Exploited RCE in OFBiz
Two DrayTek vulnerabilities added by CISA to its KEV catalog have been exploited by multiple threat groups to steal data from organizations worldwide.
The post DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign appeared fir… Continue reading DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign
Google has released Android security updates to patch an exploited local privilege escalation vulnerability.
The post Android’s September 2024 Update Patches Exploited Vulnerability appeared first on SecurityWeek.
Continue reading Android’s September 2024 Update Patches Exploited Vulnerability
A WPS Office zero-day vulnerability tracked as CVE-2024-7262 was exploited by South Korean hacker group APT-C-60.
The post WPS Office Zero-Day Exploited by South Korea-Linked Cyberspies appeared first on SecurityWeek.
Continue reading WPS Office Zero-Day Exploited by South Korea-Linked Cyberspies
CISA is warning organizations that a second Apache OFBiz flaw is being exploited in the wild shortly after the release of PoC exploits.
The post Second Apache OFBiz Vulnerability Exploited in Attacks appeared first on SecurityWeek.
Continue reading Second Apache OFBiz Vulnerability Exploited in Attacks
Google flags another high-severity vulnerability patched with the latest Chrome 128 release as exploited in the wild.
The post Google Warns of Exploited Chrome Vulnerability appeared first on SecurityWeek.
Continue reading Google Warns of Exploited Chrome Vulnerability
SolarWinds has issued a Web Help Desk hotfix to remove hardcoded credentials from last week’s hotfix for a critical-severity vulnerability.
The post SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw appeared first on SecurityWeek.
Continue reading SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw
CISA warns that attackers are exploiting two critical-severity authentication bypass vulnerabilities impacting multiple Dahua products.
The post CISA Warns of Exploited Vulnerabilities Impacting Dahua Products appeared first on SecurityWeek.
Continue reading CISA Warns of Exploited Vulnerabilities Impacting Dahua Products
Chrome 128 was released in the stable channel with patches for 38 vulnerabilities, including a V8 JavaScript engine flaw exploited in the wild.
The post Google Patches Sixth Exploited Chrome Zero-Day of 2024 appeared first on SecurityWeek.
Continue reading Google Patches Sixth Exploited Chrome Zero-Day of 2024
CISA is warning organizations about abuse of Cisco Smart Install feature, as Cisco is notifying customers about critical phone vulnerabilities it’s not patching.
The post Warnings Issued Over Cisco Device Hacking, Unpatched Vulnerabilities appeared fir… Continue reading Warnings Issued Over Cisco Device Hacking, Unpatched Vulnerabilities