Microsoft Teams Patch Bypass Allows RCE
An attacker can hide amidst legitimate traffic in the application’s update function. Continue reading Microsoft Teams Patch Bypass Allows RCE
Category Archives: security vulnerability
Newsletter WordPress Plugin Opens Door to Site Takeover
An XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of thousands of websites. Continue reading Newsletter WordPress Plugin Opens Door to Site Takeover
Critical Magento Flaws Allow Code Execution
Adobe has released patches for critical and important-severity flaws in its popular Magento e-commerce platform. Continue reading Critical Magento Flaws Allow Code Execution
Billions of Devices Impacted by Secure Boot Bypass
The “BootHole” bug could allow cyberattackers to load malware, steal information and move laterally into corporate, OT ,IoT and home networks. Continue reading Billions of Devices Impacted by Secure Boot Bypass
Cisco Network Security Flaw Leaks Sensitive Data
The flaw exists in Cisco’s network security Firepower Threat Defense (FTD) software and its Adaptive Security Appliance (ASA) software. Continue reading Cisco Network Security Flaw Leaks Sensitive Data
ASUS Home Router Bugs Open Consumers to Snooping Attacks
The two flaws allow man-in-the-middle attacks that would give an attacker access to all data flowing through the router. Continue reading ASUS Home Router Bugs Open Consumers to Snooping Attacks
Thousands of Vulnerable F5 BIG-IP Users Still Open to Takeover
Less than 500 machines have been patched since U.S. Cyber Command issued an alert to patch a critical bug that’s under active exploit. Continue reading Thousands of Vulnerable F5 BIG-IP Users Still Open to Takeover
Zoom Addresses Vanity URL Zero-Day
An attacker could pose as a company employee, invite customers or partners to meetings, then use socially engineered conversation to extract sensitive information. Continue reading Zoom Addresses Vanity URL Zero-Day
Zoom Zero-Day Allows RCE, Patch on the Way
Researchers said that the issue is only exploitable on Windows 7 and earlier. Continue reading Zoom Zero-Day Allows RCE, Patch on the Way
Advertising Plugin for WordPress Threatens Full Site Takeovers
Thousands of vulnerable websites need to apply the patch to avoid RCE. Continue reading Advertising Plugin for WordPress Threatens Full Site Takeovers