Monday, January 13, 2025

Vulnerability

WordPress Plugin Vulnerability Exposes 3 Million Websites to Injection Attacks

A critical vulnerability has been identified in the popular UpdraftPlus: WP Backup & Migration Plugin, potentially impacting over 3 million WordPress websites. This security flaw...

Malicious npm Packages Stealing Developers’ Sensitive Data

Attackers published 20 malicious npm packages impersonating legitimate Nomic Foundation and Hardhat plugins, where these packages, downloaded over 1,000 times, compromised development environments and...

Garak – An Open Source LLM Vulnerability Scanner for AI Red-Teaming

Garak is a free, open-source tool specifically designed to test the robustness and reliability of Large Language Models (LLMs). Inspired by utilities like Nmap...

Windows Registry Privilege Escalation Vulnerability – PoC Released

Researchers have released a proof of concept (PoC) exploit for a critical privilege escalation vulnerability affecting Microsoft Windows. This vulnerability, CVE-2024-43452, allows attackers to gain...

ASUS Critical Vulnerabilities Let Attackers Execute Arbitrary Commands

In a recent security advisory, ASUS has alerted users to critical vulnerabilities affecting several of its router models. These flaws, tracked as CVE-2024-12912 and CVE-2024-13062, pose severe risks...

iTerm2 Emulator Vulnerability Let Attackers Access Sensitive User Data

A critical vulnerability discovered in the popular macOS terminal emulator iTerm2 has raised concerns among cybersecurity experts and software users. The flaw, which could...

Trend Micro Apex One Vulnerabilities Let Escalate Privilege

Trend Micro has addressed six high-severity vulnerabilities in its Apex One and Apex One as a Service product, which could allow attackers to escalate privileges on affected Windows...

CISA Warns of Palo Alto Networks PAN-OS Vulnerability Exploited in Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert on a critical vulnerability in Palo Alto Networks PAN-OS. Tracked as CVE-2024-3393, this...