Cyber Security News
XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests
A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute malicious JavaScript and send crafted requests to interconnected Microsoft applications like Outlook, OneDrive, and...
CVE/vulnerability
7-Zip RCE Vulnerability Let Attackers Execute Remote Code
A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing attackers to execute arbitrary code remotely. The flaw, identified...
Cyber Security News
FortiClient VPN Flaw Enables Undetected Brute-Force Attacks
A design flaw in the logging mechanism of Fortinet's VPN servers has been uncovered, allowing attackers to conduct brute-force attacks without detection. This vulnerability,...
Cyber Security News
macOS WorkflowKit Race Vulnerability Allows Malicious Apps to Intercept Shortcuts
A race condition vulnerability in Apple's WorkflowKit has been identified, allowing malicious applications to intercept and manipulate shortcuts on macOS systems. This vulnerability, cataloged...
CVE/vulnerability
Trend Micro Deep Security Vulnerable to Command Injection Attacks
Trend Micro has released a critical update addressing a remote code execution (RCE) vulnerability (CVE-2024-51503) in its Trend Micro Deep Security 20 Agent. This...
CVE/vulnerability
CISA Warns Kemp LoadMaster OS Command Injection Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent security advisory warning organizations about an active exploitation of a critical vulnerability in Progress...
CVE/vulnerability
Apache Kafka Vulnerability Let Attackers Escalate Privileges
A newly identified vulnerability, tracked as CVE-2024-31141, has been discovered in Apache Kafka Clients that could allow attackers to escalate privileges and gain unauthorized filesystem read access....
CVE/vulnerability
Zohocorp ManageEngine ADAudit Plus SQL Injection Vulnerability
Zohocorp, the company behind ManageEngine, has released a security update addressing a critical SQL injection vulnerability in its ADAudit Plus software. The flaw, identified...
Cyber Security News
Citrix Virtual Apps & Desktops Zero-Day Vulnerability Exploited in the Wild
A critical new vulnerability has been discovered in Citrix’s Virtual Apps and Desktops solution, which is widely used to facilitate secure remote access to...
CVE/vulnerability
Sonatype Nexus Repository Manager Hit by RCE & XSS Vulnerability
Sonatype, the company behind the popular Nexus Repository Manager, has issued security advisories addressing two critical vulnerabilities affecting Nexus Repository 2.x OSS/Pro versions. These...
CVE/vulnerability
GeoVision 0-Day Vulnerability Exploited in the Wild
Cybersecurity researchers have detected the active exploitation of a zero-day vulnerability in GeoVision devices, which the manufacturer no longer supports. The vulnerability, now designated as...