Please turn on your JavaScript for this page to function normally.
GitHub
GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985)

A critical, 10-out-of-10 vulnerability (CVE-2024-4985) allowing unrestricted access to vulnerable GitHub Enterprise Server (GHES) instances has been fixed by Microsoft-owned …

Veeam
Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849)

Veeam has patched four vulnerabilities in Backup Enterprise Manager (VBEM), one of which (CVE-2024-29849) may allow attackers to bypass authentication and log in to its web …

Ivanti
PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026)

Technical details about and a proof-of-concept (PoC) exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, has been released by the …

North Korea
US exposes scheme enabling North Korean IT workers to bypass sanctions

The US Justice Department had unsealed charges against a US woman and an Ukranian man who, along with three unidentified foreign nationals, have allegedly helped North Korean …

TunnelVision
Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)

Researchers have brought to light a new attack method – dubbed TunnelVision and uniquely identified as CVE-2024-3661 – that can be used to intercept and snoop on …

Veeam
Veeam fixes RCE flaw in backup management platform (CVE-2024-29212)

Veeam has patched a critical vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is urging customers to implement the patch. About CVE-2024-29212 Veeam …

passkeys
Microsoft, Google widen passkey support for its users

Since 2013, the first Thursday in May is marked as World Password Day, a day dedicated to raising awareness about the need for using strong, unique passwords to secure out …

Progress
PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389)

More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability (CVE-2024-2389) in Flowmon, Progress Software’s network …

CrushFTP
CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)

A vulnerability (CVE-2024-4040) in enterprise file transfer solution CrushFTP is being exploited by attackers in a targeted fashion, according to Crowdstrike. The …

Palo Alto Networks
Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

UPDATE: April 30, 09:30 AM ET New story: Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades While it initially seemed that …

Delinea Secret Server
A critical vulnerability in Delinea Secret Server allows auth bypass, admin access

Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass …

Microsoft SharePoint
New covert SharePoint data exfiltration techniques revealed

Varonis Threat Labs researchers have uncovered two techniques attackers can use can use for covert data and file exfiltration from companies’ SharePoint server. …

Don't miss

Cybersecurity news