Latest Vulnerability news

US Defense Dept received 50,000 vulnerability reports since 2016

The Cyber Crime Center (DC3) of the U.S. Department of Defense (DoD) says it has reached the milestone of processing its 50,000th vulnerability report submitted by 5,635 researchers since its inception in November 2016.
- Bill Toulas
- March 19, 2024
- 05:13 PM
- 0
Hackers exploit Aiohttp bug to find vulnerable networks

The ransomware actor 'ShadowSyndicate' was observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aiohttp Python library.
- Bill Toulas
- March 16, 2024
- 10:17 AM
- 0
Hackers exploit Windows SmartScreen flaw to drop DarkGate malware

A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers.
- Bill Toulas
- March 13, 2024
- 05:26 PM
- 2
Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs

Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws.
- Lawrence Abrams
- March 12, 2024
- 01:52 PM
- 3
Google paid $10 million in bug bounty rewards last year

Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services.
- Bill Toulas
- March 12, 2024
- 12:00 PM
- 1
Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware

Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code.
- Bill Toulas
- March 10, 2024
- 11:38 AM
- 4
QNAP warns of critical auth bypass flaw in its NAS devices

QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices.
- Bill Toulas
- March 08, 2024
- 03:03 PM
- 0
AnyCubic fixes exploited 3D printer zero day flaw with new firmware

AnyCubic has released new Kobra 2 firmware to fix a zero-day vulnerability exploited last month to print security warnings on 3D printers worldwide.
- Lawrence Abrams
- March 07, 2024
- 11:10 AM
- 0
VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion

VMware released security updates to fix critical sandbox escape vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation products, allowing attackers to escape virtual machines and access the host operating system.
- Bill Toulas
- March 06, 2024
- 10:39 AM
- 3
Apple fixes two new iOS zero-days exploited in attacks on iPhones

Apple released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones.
- Lawrence Abrams
- March 05, 2024
- 04:34 PM
- 0
Anycubic 3D printers hacked worldwide to expose security flaw

According to a wave of online reports from Anycubic customers, someone hacked their 3D printers to warn that the devices are exposed to attacks.
- Sergiu Gatlan
- February 28, 2024
- 06:06 PM
- 0
Lazarus hackers exploited Windows zero-day to gain Kernel privileges

North Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD (Bring Your Own Vulnerable Driver) techniques.
- Bill Toulas
- February 28, 2024
- 12:24 PM
- 1
White House urges devs to switch to memory-safe programming languages

The White House Office of the National Cyber Director (ONCD) urged tech companies today to switch to memory-safe programming languages, such as Rust, to improve software security by reducing the number of memory safety vulnerabilities.
- Sergiu Gatlan
- February 26, 2024
- 04:34 PM
- 13
Joomla fixes XSS flaws that could expose sites to RCE attacks

Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites.
- Bill Toulas
- February 21, 2024
- 05:55 PM
- 0
ScreenConnect critical bug now under attack as exploit code emerges

Both technical details and proof-of-concept exploits are available for the two vulnerabilities ConnectWise disclosed earlier this week for ScreenConnect, its remote desktop and access software.
- Bill Toulas
- February 21, 2024
- 12:18 PM
- 1
VMware urges admins to remove deprecated, vulnerable auth plug-in

VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched.
- Sergiu Gatlan
- February 20, 2024
- 04:00 PM
- 0
Over 28,500 Exchange servers vulnerable to actively exploited bug

Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical severity privilege escalation flaw tracked as CVE-2024-21410 that hackers are actively exploiting.
- Bill Toulas
- February 19, 2024
- 01:46 PM
- 0
Hackers exploit critical RCE flaw in Bricks WordPress site builder

Hackers are actively exploiting a critical remote code execution (RCE) flaw impacting the Brick Builder Theme to run malicious PHP code on vulnerable sites.
- Bill Toulas
- February 19, 2024
- 12:55 PM
- 0
SolarWinds fixes critical RCE bugs in access rights audit solution

SolarWinds has patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities that allow unauthenticated exploitation.
- Sergiu Gatlan
- February 16, 2024
- 01:32 PM
- 0
Over 13,000 Ivanti gateways vulnerable to actively exploited bugs

Thousands of Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to multiple security issues first disclosed more than a month ago and which the vendor gradually patched.
- Bill Toulas
- February 15, 2024
- 10:30 AM
- 0