Palo Alto Networks Firewall Vulnerability “CVE-2024-3393” Exploited in the Wild
Palo Alto Networks has disclosed a high-severity vulnerability, CVE-2024-3393, in its PAN-OS software that powers its next-generation firewalls.
The flaw allows unauthenticated attackers to exploit the DNS Security feature by sending specially crafted DNS packets,...
D-Link Routers Under Attack – Botnet Exploiting Devices to Gain Full Remote Control
A surge in cyberattacks leveraging legacy vulnerabilities in D-Link routers has been detected, with two botnets, FICORA and CAPSAICIN, actively exploiting these weaknesses.
Researchers at Fortinet’s FortiGuard Labs observed a spike in activity from...
New Sophisticated Attack Weaponizes Windows Defender to Bypass EDR
A sophisticated attack technique weaponizes Windows Defender Application Control (WDAC) to disable Endpoint Detection and Response (EDR) sensors on Windows machines.
WDAC, a technology introduced with Windows 10 and Windows Server 2016, was designed...
Apache Traffic Control Vulnerability Lets Attackers Inject Malicious SQL Commands
A critical SQL injection vulnerability, identified as CVE-2024-45387, has been discovered in Apache Traffic Control, a widely used open-source platform for managing large-scale content delivery networks (CDNs).
This vulnerability affects versions 8.0.0 through 8.0.1 of...
Apache HugeGraph-Server Vulnerability Lets Attackers Bypass Authentication
A new security vulnerability, CVE-2024-43441, has been identified in Apache HugeGraph-Server, a widely used open-source graph database system.
This flaw, classified as an Authentication Bypass by Assumed-Immutable Data vulnerability, affects versions 1.0 to 1.3...
OilRig Hackers Exploiting Windows Kernel 0-day to Attack Organizations
The Iranian state-sponsored hacking group OilRig, also known as APT34, has intensified its cyber espionage activities, targeting critical infrastructure and government entities in the United Arab Emirates and the broader Gulf region.
Security researchers from...
Node.js “systeminformation” Vulnerability Exposes Millions of Systems to RCE Attacks
A critical security vulnerability has been discovered in the widely used Node.js package "systeminformation," potentially exposing millions of systems to remote code execution (RCE) attacks.
The flaw, identified as CVE-2024-56334, affects versions up to and including...
Webmin RCE Vulnerability Lets Attackers Execute Arbitrary Code & Gain Server Control
Webmin, the popular web-based system administration tool, has been found to contain a critical security vulnerability that could allow attackers to seize control of servers. The vulnerability, identified as CVE-2024-12828, has been assigned a...
New G-Door Vulnerability Lets Hackers Bypass Microsoft 365 Security With Google Docs
A newly discovered vulnerability, dubbed "G-Door," allows malicious actors to circumvent Microsoft 365 security measures by exploiting unmanaged Google Docs accounts. This security flaw poses a significant threat to organizations relying on Microsoft 365's...
Threat Actors Exploiting Microsoft Office Vulnerability to Execute Malicious Code
A sophisticated cyber-espionage group known as Cloud Atlas has been observed leveraging a critical Microsoft Office vulnerability to launch targeted attacks against organizations in Eastern Europe and Central Asia.
According to researchers, the group, active...