Collaborate Disseminate
A critical path-traversal flaw (CVE-2020-27130) exists in Cisco Security Manager that lays bare sensitive information to remote, unauthenticated attackers. Continue reading Cisco Patches Critical Flaw After PoC Exploit Code Release
Google Project Zero disclosed the bug before a patch becomes available from Microsoft. Continue reading Unpatched Windows Zero-Day Exploited in the Wild for Sandbox Escape
Security researchers and U.S. government authorities alike are urging admins to address Microsoft’s critical privilege escalation flaw. Continue reading Windows Exploit Released For Microsoft ‘Zerologon’ Flaw
Two flaws – one of them yet to be fixed – are afflicting a third-party plugin used by Magento e-commerce websites. Continue reading Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws
A low-privileged process on a vulnerable machine could allow data harvesting and DoS. Continue reading IBM AI-Powered Data Management Software Subject to Simple Exploit
Researchers have discovered freely available PoC code and exploit that can be used to attack unpatched security holes in Apache Struts 2. Continue reading PoC Exploit Targeting Apache Struts Surfaces on GitHub
Researchers said that the issue is only exploitable on Windows 7 and earlier. Continue reading Zoom Zero-Day Allows RCE, Patch on the Way
Three separate flaws can be chained to achieve full system compromise. Continue reading RCE Exploit Released for IBM Data Risk Manager, No Patch Available
Researchers saw several IoT botnets using one of the bugs in the wild after a proof-of-concept was published in March. Continue reading Mootbot Botnet Targets Fiber Routers with Dual Zero-Days
Novel hack allows an attacker to create a mouse-over in a PowerPoint file that triggers the installation of malware. Continue reading PowerPoint ‘Weakness’ Opens Door to Malicious Mouse-Over Attack