Collaborate Disseminate
CVE-2024-8190, an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) v4.6, is under active exploitation. Details about the attacks are still unknown, but there may be more in the near future: Horizon3.ai researchers have publis… Continue reading PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)
Among the security updates released by Adobe on Tuesday are those for various versions of Adobe Acrobat and Reader, which fix two critical flaws that could lead to arbitrary code execution: CVE-2024-45112 and CVE-2024-41869. Nothing in the advisory poi… Continue reading Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869)
Chinese state-sponsored cyber group APT40 is amazingly fast at adapting public proof-of-concept (PoC) exploits for vulnerabilities in widely used software, an advisory released by intelligence and cybersecurity agencies from eight countries warns. The … Continue reading Chinese APT40 group swifly leverages public PoC exploits
A critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) has been patched; a PoC exploit is already available online. While there’s currently no reports of in-the-wild exploitation, enterprise admins are advised to p… Continue reading PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276)
Progress Software has patched one critical (CVE-2024-5805) and one high-risk (CVE-2024-5806) vulnerability in MOVEit, its widely used managed file transfer (MFT) software product. According to WatchTowr Labs researchers, the company has been privately … Continue reading Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806)
Zyxel has released patches for three critical vulnerabilities (CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974) affecting two network-attached storage (NAS) devices that have recently reached end-of-vulnerability-support. About the vulnerabilities T… Continue reading Zyxel patches critical flaws in EOL NAS devices
Ethical hacker Alexander Hagenah has created TotalRecall, a tool that demonstrates how malicious individuals could abuse Windows’ newly announced Recall feature to steal sensitive information. TotalRecall results (Source: Alexander Hagenah) Copil… Continue reading TotalRecall shows how easily data collected by Windows Recall can be stolen
Security researchers have published a proof-of-concept (PoC) exploit that chains together two vulnerabilities (CVE-2024-4358, CVE-2024-1800) to achieve unauthenticated remote code execution on Progress Telerik Report Servers. Telerik Report Server is a… Continue reading PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)
If you’re self-hosting an Atlassian Confluence Server or Data Center installation, you should upgrade to the latest available version to fix a high-severity RCE flaw (CVE-2024-21683) for which a PoC and technical details are already public. About… Continue reading High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683)
Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances. CVE confusion FortiSIEM h… Continue reading PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)