Please turn on your JavaScript for this page to function normally.
laptop
Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)

CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering web pages on Windows – “was …

Adobe Reader
Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869)

Among the security updates released by Adobe on Tuesday are those for various versions of Adobe Acrobat and Reader, which fix two critical flaws that could lead to arbitrary …

Ivanti
Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847)

Ivanti has fixed a slew of vulnerabilities affecting its Endpoint Manager solution, including a maximum severity one (CVE-2024-29847) that may allow unauthenticated attackers …

Patch Tuesday
Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes

September 2024 Patch Tuesday is here and Microsoft has delivered 79 fixes, including those for a handful of zero-days (CVE-2024-38217, CVE-2024-38226, CVE-2024-38014, …

SonicWall
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting …

Zyxel
Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)

Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability …

Veeam
Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)

CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and …

Apache OFBiz
Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)

For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to …

Zyxel
Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261)

Zyxel has patched a myriad of vulnerabilities in its various networking devices, including a critical one (CVE-2024-7261) that may allow unauthenticated attackers to execute …

Fortra FileCatalyst
Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)

Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting …

SonicWall
SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766)

SonicWall has patched a critical vulnerability (CVE-2024-40766) in its next-gen firewalls that could allow remote attackers unauthorized access to resources and, in specific …

SolarWinds
Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)

A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw …

Don't miss

Cybersecurity news