Friday, June 21, 2024

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The group has been exploiting a known vulnerability (CVE-2017-11882) in the...
0day Vulnerability XSS Payloads

0-day Vulnerability In 10,000 Web Apps Exploited Using XSS Payloads

A significant vulnerability, tracked as CVE-2024-37629, has been discovered in SummerNote 0.8.18. It allows Cross-Site Scripting (XSS) via the Code View Function.Summernote is a...
Windows Servers MSMQ RCE Flaw

256,000+ Publicly Exposed Windows Servers Vulnerable to MSMQ RCE Flaw

Cybersecurity watchdog Shadowserver has identified 256,000+ publicly exposed servers vulnerable to a critical Remote Code Execution (RCE) flaw in Microsoft Message Queuing (MSMQ) services....

Firefox 127 Released With patch for 15 Vulnerabilities

Mozilla has released Firefox 127, addressing 15 security vulnerabilities, some of which have been rated as high impact.This update is crucial for users to...

PoC Exploit Released For Veeam Authentication Bypass Vulnerability

A proof-of-concept (PoC) exploit has been released for a critical authentication bypass vulnerability in Veeam Backup Enterprise Manager.The vulnerability, identified as CVE-2024-29849, has...

Zyxel NAS Devices Vulnerability Let Attackers Execute Code Remotely

Zyxel has released patches addressing critical command injection and remote code execution vulnerabilities in two of its NAS products, NAS326 and NAS542, which have...

Critical wpDataTables Vulnerability Let Attackers Perform SQL Injection

A critical security vulnerability has been discovered in the wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin, a popular plugin used...

Hackers Exploiting Stored XSS Vulnerabilities in WordPress Plugins

In recent cyberattacks, hackers are actively exploiting stored cross-site scripting (XSS) vulnerabilities in various WordPress plugins.According to Fastly reports, these vulnerabilities, identified as CVE-2024-2194,...

Progress Telerik Report Server Flaw Let Attackers Bypass Authentication

A new vulnerability related to authentication bypass was discovered in the Progress Telerik Report server.The CVE for this vulnerability has been assigned CVE-2024-4358, and...

Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks

 A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software's web-based management interface.This vulnerability could potentially allow authenticated, remote attackers...

Managed WAF protection


Recent Articles