Collaborate Disseminate
Google has significantly increased the rewards for Chrome browser vulnerabilities, offering up to $250,000 for remote code execution bugs.
The post Google Now Offering Up to $250,000 for Chrome Vulnerabilities appeared first on SecurityWeek.
Continue reading Google Now Offering Up to $250,000 for Chrome Vulnerabilities
CISA is warning organizations that a second Apache OFBiz flaw is being exploited in the wild shortly after the release of PoC exploits.
The post Second Apache OFBiz Vulnerability Exploited in Attacks appeared first on SecurityWeek.
Continue reading Second Apache OFBiz Vulnerability Exploited in Attacks
A critical vulnerability in the WPML WordPress plugin could allow a remote attacker to execute arbitrary code on the server.
The post Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites appeared first on SecurityWeek.
Continue reading Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites
Google flags another high-severity vulnerability patched with the latest Chrome 128 release as exploited in the wild.
The post Google Warns of Exploited Chrome Vulnerability appeared first on SecurityWeek.
Continue reading Google Warns of Exploited Chrome Vulnerability
SonicWall has patched CVE-2024-40766, a critical SonicOS vulnerability that can lead to unauthorized access or a firewall crash.
The post SonicWall Patches Critical SonicOS Vulnerability appeared first on SecurityWeek.
Continue reading SonicWall Patches Critical SonicOS Vulnerability
SolarWinds has issued a Web Help Desk hotfix to remove hardcoded credentials from last week’s hotfix for a critical-severity vulnerability.
The post SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw appeared first on SecurityWeek.
Continue reading SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw
Hackers gained access to the switch using valid administrator credentials, and then ‘jailbroke’ from the application level into the OS level.
The post China-Linked ‘Velvet Ant’ Hackers Exploited Zero-Day to Deploy Malware on Cisco Nexus Switches … Continue reading China-Linked ‘Velvet Ant’ Hackers Exploited Zero-Day to Deploy Malware on Cisco Nexus Switches
More than two years after the Log4j crisis, organizations are still being hit by crypto-currency miners and backdoor scripts.
The post Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware appeared first on SecurityWeek.
Continue reading Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware
Atlassian has released patches for nine high-severity vulnerabilities in Bamboo, Confluence, Crowd, and Jira products.
The post Atlassian Patches Vulnerabilities in Bamboo, Confluence, Crowd, Jira appeared first on SecurityWeek.
Continue reading Atlassian Patches Vulnerabilities in Bamboo, Confluence, Crowd, Jira
CISA warns that attackers are exploiting two critical-severity authentication bypass vulnerabilities impacting multiple Dahua products.
The post CISA Warns of Exploited Vulnerabilities Impacting Dahua Products appeared first on SecurityWeek.
Continue reading CISA Warns of Exploited Vulnerabilities Impacting Dahua Products