CVE/vulnerability
1-Click RCE Attack In Kerio Control UTM Allow Attackers Gain Firewall Root Access Remotely
GFI Software's Kerio Control, a popular UTM solution, was found to be vulnerable to multiple HTTP Response Splitting vulnerabilities, which affecting versions 9.2.5 through 9.4.5, could potentially allow attackers...
Cyber Crime
Researchers Detailed Credential Abuse Cycle
Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling them to gain unauthorized access. This can lead to data...
cyber security
Hackers Abuse EDRSilencer Red Team Tool To Evade Detection
EDRSilencer, a red team tool, interferes with EDR solutions by blocking network communication for associated processes using the WFP, which makes it harder to...
cyber security
Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks
A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being actively exploited in cyberattacks.With a CVSS base score of 9.8,...
CVE/vulnerability
Foxit PDF Reader Vulnerability Let Attackers Execute Arbitary Code
Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability was found in Foxit PDF Reader, a widely used alternative...
CVE/vulnerability
RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files
The researcher investigated the potential security risks associated with debugging dump files in Visual Studio by focusing on vulnerabilities that could be exploited without...
Cyber Security News
Hackers Exploiting Progress WhatsUp RCE Vulnerability In The Wild
RCE attacks on WhatsUp Gold exploited the Active Monitor PowerShell Script to execute malicious code, as the vulnerabilities CVE-2024-6670 and CVE-2024-6671, patched on August...
CVE/vulnerability
Security Flaw Allows Attackers to Clone YubiKeys by Extract Private Key
Secure elements consist mainly of tiny microcontrollers, which provide service by generating and storing secrets and performing cryptographic operations.Thomas Roche of NinjaLab finds a...
CVE/vulnerability
PoC Exploit Released For 0-Day Windows Kernel Privilege Escalation Vulnerability
Microsoft released several patches for multiple vulnerabilities during the Patch Tuesday for August 2024. One of the vulnerabilities listed by Microsoft was the CVE-2024-38106....
CVE/vulnerability
BYOVDLL – A New Exploit That Is Bypassing LSASS Protection
In July 2022, Microsoft patched a well-known PPL bypass flaw, initially discovered by Ionescu and Forshaw. This allowed protection circumvention without kernel code execution, and...
CVE/vulnerability
Google’s Quick Share Vulnerabilities Let Attackers Execute Remote Code
By reverse-engineering Quick Share's proprietary communication protocol, researchers uncovered multiple vulnerabilities, including unauthorized file writes, forced Wi-Fi connections, directory traversal, and denial-of-service conditions. These flaws...