vulnerability
Qualcomm zero-day under targeted exploitation (CVE-2024-43047)
An actively exploited zero-day vulnerability (CVE-2024-43047) affecting dozens of Qualcomm’s chipsets has been patched by the American semiconductor giant. About …
Linux systems targeted with stealthy “Perfctl” cryptomining malware
Thousands of Linux systems are likely infected with the highly elusive and persistent “perfctl” (or “perfcc“) cryptomining malware and many others …
Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)
CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and …
CUPS vulnerabilities could be abused for DDoS attacks
While the Common UNIX Printing System (CUPS) vulnerabilities recently disclosed by researcher Simone “evilsocket” Margaritelli are not easily exploited for remote …
Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)
Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations. …
CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE
After much hyping and following prematurely leaked information by a third party, security researcher Simone Margaritelli has released details about four zero-day …
The number of Android memory safety vulnerabilities has tumbled, and here’s why
Google’s decision to write new code into Android’s codebase in Rust, a memory-safe programming language, has resulted in a significant drop in memory safety …
PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)
Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by …
Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)
CVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by attackers. The confirmation …
Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)
Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged …
Critical VMware vCenter Server bugs fixed (CVE-2024-38812)
Broadcom has released fixes for two vulnerabilities affecting VMware vCenter Server that can be triggered by sending a specially crafted network packet, and could lead to …
PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)
CVE-2024-8190, an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) v4.6, is under active exploitation. Details about the attacks are still unknown, …