Vulnerability

In this section, we talk about the newest information about vulnerabilities, such as stories on newly found security holes, patches, and updates. Keep up with the latest major flaws in systems, hardware, and software, as well as the best ways to reduce risks. Our coverage gives you information on how these holes in security affect things and what you can do to avoid them.

Halo ITSM Vulnerability Lets Attackers Inject Malicious SQL CodeHalo ITSM Vulnerability Lets Attackers Inject Malicious SQL Code

Halo ITSM Vulnerability Lets Attackers Inject Malicious SQL Code

A critical security flaw has been discovered in Halo ITSM, an IT support management software widely deployed across cloud and on-premise…

2 hours ago
OpenVPN Flaw Allows Attackers Crash Servers and Run Remote CodeOpenVPN Flaw Allows Attackers Crash Servers and Run Remote Code

OpenVPN Flaw Allows Attackers Crash Servers and Run Remote Code

OpenVPN, a widely-used open-source virtual private network (VPN) software, has recently patched a security vulnerability that could allow attackers to…

4 hours ago
Apache Traffic Server Flaw Allows Request Smuggling AttacksApache Traffic Server Flaw Allows Request Smuggling Attacks

Apache Traffic Server Flaw Allows Request Smuggling Attacks

A critical vulnerability has been discovered in Apache Traffic Server (ATS), an open-source caching proxy server. Identified as CVE-2024-53868, this flaw…

4 hours ago
Cisco AnyConnect VPN Server Vulnerability Allows Attackers to Trigger DoSCisco AnyConnect VPN Server Vulnerability Allows Attackers to Trigger DoS

Cisco AnyConnect VPN Server Vulnerability Allows Attackers to Trigger DoS

Cisco has disclosed a significant vulnerability in its AnyConnect VPN Server for Meraki MX and Z Series devices, allowing authenticated attackers to…

20 hours ago
SonicWall Firewall Vulnerability Enables Unauthorized AccessSonicWall Firewall Vulnerability Enables Unauthorized Access

SonicWall Firewall Vulnerability Enables Unauthorized Access

Researchers from Bishop Fox have successfully exploited CVE-2024-53704, an authentication bypass vulnerability that affects SonicWall firewalls. This critical flaw allows remote…

21 hours ago
Russian Seashell Blizzard Targets Organizations Using Custom-Built Hacking ToolsRussian Seashell Blizzard Targets Organizations Using Custom-Built Hacking Tools

Russian Seashell Blizzard Targets Organizations Using Custom-Built Hacking Tools

Seashell Blizzard, also known as APT44, Sandworm, and Voodoo Bear, has emerged as a sophisticated adversary targeting critical sectors worldwide.…

21 hours ago
Hackers Exploit Apache Tomcat Flaw to Hijack Servers and Steal SSH CredentialsHackers Exploit Apache Tomcat Flaw to Hijack Servers and Steal SSH Credentials

Hackers Exploit Apache Tomcat Flaw to Hijack Servers and Steal SSH Credentials

A newly discovered attack campaign has exposed vulnerabilities in Apache Tomcat servers, allowing hackers to hijack resources and steal SSH…

21 hours ago
Google’s Quick Share for Windows Vulnerability Allows Remote Code ExecutionGoogle’s Quick Share for Windows Vulnerability Allows Remote Code Execution

Google’s Quick Share for Windows Vulnerability Allows Remote Code Execution

Cybersecurity researchers from SafeBreach Labs have revealed new vulnerabilities in Google’s Quick Share file-transfer utility for Windows, including a critical…

21 hours ago
Multiple Jenkins Plugin Vulnerabilities Expose Sensitive Information to AttackersMultiple Jenkins Plugin Vulnerabilities Expose Sensitive Information to Attackers

Multiple Jenkins Plugin Vulnerabilities Expose Sensitive Information to Attackers

Jenkins, the widely used open-source automation server, faces heightened security risks after researchers disclosed 11 critical vulnerabilities across its core software and…

22 hours ago
Cisco Smart Licensing Utility Flaws Allowed Attackers to Gain Admin AccessCisco Smart Licensing Utility Flaws Allowed Attackers to Gain Admin Access

Cisco Smart Licensing Utility Flaws Allowed Attackers to Gain Admin Access

Cisco has disclosed critical vulnerabilities in its Smart Licensing Utility software, identified as CVE-2024-20439 and CVE-2024-20440, which could allow unauthenticated,…

1 day ago