The Hacker News
Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines
Nearly a dozen security flaws have been discovered in the GE HealthCare Vivid Ultrasound product family.
The Hacker News
Nearly a dozen security flaws have been discovered in the GE HealthCare Vivid Ultrasound product family.
SC Magazine
In this month’s release, Redmond patched 60 CVEs including two other zero-days and a SharePoint Server remote code execution vulnerability rated critical.
SecurityWeek
Microsoft patched 60 security bugs in multiple products and waned of an actively exploited Windows zero-day (CVE-2024-30051)
Latest Hacking News
Researchers caught a serious security vulnerability in the R programming language that could allow arbitrary code execution. Given the extensive application of this language, particularly for AI/ML projects, the vulnerability could have a huge impact
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Security Affairs
A flaw in the R programming language enables the execution of arbitrary code when parsing specially crafted RDS and RDX files.
Bleeping Computer
A new vulnerability has been discovered in the R programming language that allows arbitrary code execution upon deserializing specially crafted RDS and RDX files.
SecurityWeek
A vulnerability (CVE-2024-27322) in the R programming language implementation can be exploited to execute arbitrary and be used as part of a supply chain attack.
DarkReading
The CVE-2024-27322 security vulnerability in R's deserialization process gives attackers a way to execute arbitrary code in target environments via specially crafted files.
The Hacker News
A critical vulnerability (CVE-2024-27322) has been discovered in the R programming language. It could allow attackers to execute arbitrary code.
SC Magazine
Arbitrary code in Lambda Layers may be unsafely executed in older versions of Keras.
Cyber Security News
A 220% increase in vulnerabilities impacting AI systems has been discovered since the initial disclosures of 15 vulnerabilities in November
Cyber Security News
A new supply-chain vulnerability has been identified in the Lambda Layers of third-party TensorFlow-based Keras models that could allow
HACKRead
Cybersecurity firm Wiz.io found that AI-as-a-service (aka AI Cloud) platforms like Hugging Face are vulnerable to critical risks.
Cyber Security News
Adobe has addressed a vulnerability in its ColdFusion software, which could have allowed attackers to read files arbitrarily from the system.
Ars Technica
Malicious submissions have been a fact of life for code repositories. AI is no different.
DarkReading
The finding underscores the growing risk of weaponizing publicly available AI models and the need for better security to combat the looming threat.
Bleeping Computer
At least 100 instances of malicious AI ML models were found on the Hugging Face platform, some of which can execute code on the victim's machine, giving attackers a persistent backdoor.
Security Affairs
SolarWinds addressed three critical vulnerabilities in its Access Rights Manager (ARM) solution, including two RCE bugs.
Bleeping Computer
SolarWinds has patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities that allow unauthenticated exploitation.
Security Affairs
Splunk addressed multiple vulnerabilities in Splunk Enterprise, including a high-severity flaw impacting Windows installs.
SecurityWeek
The latest Splunk Enterprise releases patch multiple vulnerabilities, including a high-severity flaw in the Windows version.
DarkReading
Thousands of vulnerable servers may be open to cyberattacks exploiting the max-severity CVE-2023-46604 bug.
CSO
The attack methods being used to abuse the bug can successfully circumvent security measures, evading detection by security endpoints during scanning.
SecurityWeek
A joint advisory from CISA and the FBI warns about Androxgh0st malware attacks ensnaring devices in a botnet.
Bleeping Computer
CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious payloads.
Infosecurity News
CISA’s advisory provides mitigations for vulnerabilities in ICS products used in critical infrastructure industries like energy, and manufacturing
The Hacker News
CISA adds six new flaws to its KEV catalog, highlighting urgent need for network security upgrades!
Bleeping Computer
The U.S. Cybersecurity and Infrastructure Security Agency has added to its to the Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Adobe, Apache, D-Link, and Joomla.
DarkReading
Although the unauthenticated Java deserialization flaw has been known since 2015, GWT apps remain vulnerable to malicious server-side code execution, new research says.
Cyber Security News
The Apache ActiveMQ vulnerability was actively targeted by threat actors to get unauthorized access to messaging systems.
Security Affairs
Software giant Atlassian addressed four critical Remote Code Execution (RCE) vulnerabilities in its products.
The Hacker News
Atlassian has released software fixes to address four critical flaws in its software that could lead to remote code execution.
HACKRead
The recently discovered GoTitan botnet is built on the Golang programming language, whereas PrCtrl Rat is a .NET program.
Cyber Security News
Attackers are exploiting the recently discovered critical security vulnerability tracked as (CVE-2023-46604) affecting Apache ActiveMQ.
Security Affairs
Microsoft announced this week it will pay up to $20,000 for security vulnerabilities in its Defender products.
SecurityWeek
Microsoft invites researchers to new bug bounty program focused on vulnerabilities in its Defender products.
Bleeping Computer
Microsoft has unveiled a new bug bounty program aimed at the Microsoft Defender security platform, with rewards between $500 and $20,000.
Trend Micro
We uncovered the active exploitation of the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with the Kinsing malware (also known as h2miner) and cryptocurrency miner.
Cyber Security News
Metasploit is an open-source penetration testing framework created by Rapid7 that enables security professionals to simulate attacks against computer systems, networks, and applications.
Cyber Security News
Four new zero-day vulnerabilities have been identified in Microsoft Exchange with server-side request forgery and remote code execution.
DarkReading
More than 3,000 systems are exposed and vulnerable to attack on the Internet.
DarkReading
More than 3,000 systems are exposed and vulnerable to attack on the Internet.
SecurityWeek
SolarWinds patches high-severity flaws in its Access Rights Manager product, including three unauthenticated remote code execution issues.
Bleeping Computer
Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product that remote attackers could use to run code with SYSTEM privileges.
SecurityWeek
CISA is now flagging vulnerabilities and misconfigurations that are known to be exploited in ransomware attacks.
Bleeping Computer
Internet-exposed WS_FTP servers unpatched against a maximum severity vulnerability are now targeted in ransomware attacks.
DarkReading
The vulnerabilities exist in the widely used TorchServe framework, used by Amazon, Google, Walmart, and many other heavy hitters.
CSO
The vulnerabilities can completely compromise the AI infrastructure of the world’s biggest businesses, Oligo Security said.
Ars Technica
Will attacks be as big as those targeting MOVEit? Maybe not, but they still can be plenty bad.
DarkReading
While CVE-2023-40044 is critical, threat watchers hope it won't be another MOVEit for customers of Progress Software's file transfer technology.
Bleeping Computer
A set of critical vulnerabilities dubbed 'ShellTorch' in the open-source TorchServe AI model-serving tool impact tens of thousands of internet-exposed servers, some of which belong to large organizations.
The Hacker News
Multiple vulnerabilities in TorchServe, used for serving PyTorch models, could lead to remote code execution.
SecurityWeek
ShellTorch attack chains critical TorchServe vulnerabilities and could completely compromise the AI infrastructure of major companies.
Bleeping Computer
Over the weekend, security researchers released a proof-of-concept (PoC) exploit for a maximum severity remote code execution vulnerability in Progress Software's WS_FTP Server file sharing platform.
SecurityWeek
Rapid7 says attackers are targeting a critical pre-authentication flaw in Progress Software’s WS_FTP server just days after disclosure.
CyberSecurity Dive
The company behind the beleaguered MOVEit service has another vulnerable tool — WS_FTP Server. While there are no known exploits, two of the CVEs are critical.
Infosecurity News
CVSS 10.0 flaw was found in the WS_FTP Server software
The Hacker News
Progress Software releases hotfixes for critical CVE-2023-40044 and 7 other vulnerabilities in WS_FTP Server
Bleeping Computer
Progress, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability in its WS_FTP Server software.
SecurityWeek
Critical flaws in Progress Software's WS_FTP product allows pre-authenticated attackers to wreak havoc on the underlying operating system.
The Hacker News
🚨 Security Alert! Atlassian and ISC uncover critical flaws in their products that could lead to DoS and remote code execution.
SecurityWeek
A Chinese threat actor has been observed targeting organizations in multiple industries to deploy web skimmers on online payment pages.
The Hacker News
Apache SuperSet users, beware! A critical update has been released to patch two new vulnerabilities (CVE-2023-39265 & CVE-2023-37941).
Infosecurity News
Although the patches for these vulnerabilities have already been released, public attacks are still occurring
DarkReading
The vulnerability was being exploited in the wild, targeting two versions of Adobe ColdFusion.
SecurityWeek
CISA warns that CVE-2023-26359, an Adobe ColdFusion vulnerability patched in March, has been exploited in the wild.
Security Affairs
US CISA added critical vulnerability CVE-2023-26359 in Adobe ColdFusion to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw CVE-2023-26359 (CVSS score 9.8) affecting Adobe ColdFusion to its Known Exploited Vulnerabilities Catalog. Adobe fixed the critical flaw in March 2023, it is a deserialization of untrusted data issue in Adobe ColdFusion that can […]
The Hacker News
Critical security flaw in Adobe ColdFusion has been added to CISA's Known Exploited Vulnerabilities catalog.
Bleeping Computer
Serde, a popular Rust (de)serialization project, has decided to ship its serde_derive macro as a precompiled binary. This has generated a fair amount of concern among some developers who highlight the future legal and technical issues this may pose, along with a potential for supply chain attacks.
Cyber Security News
Researchers discovered four vulnerabilities in CyberPower's PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and five vulnerabilities in Dataprobe's iBoot Power Distribution Unit (PDU).
Security Affairs
Multiple vulnerabilities in CyberPower PowerPanel Enterprise DCIM platform and Dataprobe PDU could expose data centers to hacking. Researchers from Trellix Advanced Research Center discovered multiple vulnerabilities impacting CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU). An attacker could exploit to gain unauthenticated access to these systems and […]
The Hacker News
Major security vulnerabilities have been uncovered in CyberPower and Dataprobe systems.
Security Affairs
CISA, the FBI, and NSA, along with Five Eyes cybersecurity agencies published a list of the 12 most exploited vulnerabilities of 2022. CISA, the NSA, and the FBI, in collaboration with cybersecurity authorities from Australia, Canada, New Zealand, and the United Kingdom, have published a list of the 12 most exploited vulnerabilities of 2022. The […]
Bleeping Computer
Hackers are actively exploiting a 'BleedingPipe' remote code execution vulnerability in Minecraft mods to run malicious commands on servers and clients, allowing them to take control of the devices.
The Record
Researchers have found a critical security hole in Minecraft mods allowing hackers to run malicious commands on the game’s servers and compromise clients’ devices.
Latest Hacking News
Adobe released an emergency security patch for ColdFusion, addressing a critical zero-day vulnerability. The tech giant warned users of active exploitation of the flaw, urging users to update their systems as soon as possible. Active Exploitation
SecurityWeek
Adobe releases a second round of patches for recent ColdFusion vulnerabilities, including flaws that have been exploited in attacks.
The Hacker News
Adobe releases fresh updates to address an incomplete fix for a critical ColdFusion flaw (CVE-2023-38205).
Infosecurity News
Rapid7 has observed that some vulnerabilities in Adobe ColdFusion were still being exploited several days after the patches were published
SecurityWeek
At least two new Adobe ColdFusion vulnerabilities have been exploited in the wild, including one that has not been completely patched
The Hacker News
A critical security flaw in the WooCommerce Payments WordPress plugin (CVE-2023-28121) is being actively exploited by threat actors.
Security Affairs
Adobe is warning customers of a critical ColdFusion pre-authentication RCE bug, tracked as CVE-2023-29300, which is actively exploited. Adobe warns customers of a critical ColdFusion pre-authentication remote code execution vulnerability, tracked as CVE-2023-29300 (CVSS score 9.8), that is actively exploited in attacks in the wild. “Adobe is aware that CVE-2023-29300 has been exploited in the […]
Bleeping Computer
Hackers are actively exploiting two ColdFusion vulnerabilities to bypass authentication and remotely execute commands to install webshells on vulnerable servers.
Bleeping Computer
Adobe warns that a critical ColdFusion pre-authentication remote code execution vulnerability tracked as CVE-2023-29300 is actively exploited in attacks.
Bleeping Computer
Adobe warns that a critical ColdFusion pre-authentication remote code execution vulnerability tracked as CVE-2023-29300 is actively exploited in attacks.
SecurityWeek
Adobe patches critical code execution vulnerability in ColdFusion for which a proof-of-concept (PoC) blog exists.
Cyber Security News
Adobe addressed critical security issues in ColdFusion and InDesign. Users should install security updates immediately to ensure system safety.
SecurityWeek
Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.
SecurityWeek
Software maker calls special attention to CVE-2023-29300, a deserialization of untrusted data bug with a CVSS severity score of 9.8/10.
Security Affairs
VMware warns customers of the public availability of an exploit code for the RCE vulnerability CVE-2023-20864 affecting vRealize. VMware warned customers of the availability of an exploit code for the critical RCE vulnerability CVE-2023-20864 in the VMware Aria Operations for Logs analysis tool (formerly vRealize Log Insight). VMware Aria Operations for Networks (formerly vRealize Network Insight) is […]
Bleeping Computer
VMware warned customers today that exploit code is now available for a critical vulnerability in the VMware Aria Operations for Logs analysis tool, which helps admins manage terabytes worth of app and infrastructure logs in large-scale environments.
The Hacker News
Developers, beware! npm packages are vulnerable to manifest confusion. This could serve as a backdoor for malicious code, hiding in your project
Bleeping Computer
MITRE shared today this year's list of the top 25 most dangerous weaknesses plaguing software during the previous two years.
The Hacker News
Fortinet has released urgent updates to fix a critical vulnerability (CVE-2023-33299) in FortiNAC, exposing networks to arbitrary code execution.
Latest Hacking News
The cybersecurity and technology provider, Fortinet, has recently addressed multiple security flaws affecting FortiNAC systems. This includes patching a critical remote code execution vulnerability that allowed unauthenticated code execution on the target FortiNAC system. FortiNAC Vulnerability
Security Affairs
Fortinet addressed a critical remote command execution vulnerability, tracked as CVE-2023-33299, affecting FortiNAC solution. FortiNAC is a network access control (NAC) solution designed by Fortinet that is used by organizations to secure and control access to networks by enforcing security policies, monitoring devices, and managing their access privileges. FortiNAC helps organizations protect their network infrastructure […]
Bleeping Computer
Cybersecurity solutions company Fortinet has updated its zero-trust access solution FortiNAC to address a critical-severity vulnerability that attackers could leverage to execute code and commands.
Security Affairs
Security firm Horizon3 released proof-of-concept (PoC) exploit code for the remote code execution (RCE) flaw CVE-2023-34362 in the MOVEit Transfer MFT. MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads. The vulnerability is a SQL injection vulnerability, it can be exploited by […]
Bleeping Computer
Horizon3 security researchers have released proof-of-concept (PoC) exploit code for a remote code execution (RCE) bug in the MOVEit Transfer managed file transfer (MFT) solution abused by the Clop ransomware gang in data theft attacks.
Loading more articles....