Please turn on your JavaScript for this page to function normally.
SonicWall
SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766)

SonicWall has patched a critical vulnerability (CVE-2024-40766) in its next-gen firewalls that could allow remote attackers unauthorized access to resources and, in specific …

SolarWinds
Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)

A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw …

GitHub
Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)

A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the …

North Korea
0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)

CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ …

Apple Windows
Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera

Vulnerabilities in popular Microsoft apps for macOS can be abused by attackers to record video and audio clips, take pictures, access and exfiltrate data and send emails, …

digital wallet
Stolen, locked payment cards can be used with digital wallet apps

Fraudsters can add stolen payment cards to digital wallet apps and continue making online purchases even after victims report the card stolen and the bank replaces it, …

SolarWinds
Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)

SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host machine. “While …

1Password
Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218)

Two vulnerabilities (CVE-2024-42219, CVE-2024-42218) affecting the macOS version of the popular 1Password password manager could allow malware to steal secrets stored in the …

Hand
“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox

A “0.0.0.0-Day” vulnerability affecting Chrome, Safari and Firefox can be – and has been – exploited by attackers to gain access to services on …

Microsoft Windows
“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days

A researcher has developed a downgrade attack that can make Windows machines covertly, persistently and irreversibly vulnerable, even if they were fully patched before that. A …

roundcube
Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008)

Two cross-site scripting vulnerabilities (CVE-2024-42009, CVE-2024-42008) affecting Roundcube could be exploited by attackers to steal users’ emails and contacts, email …

Windows
Researchers unearth MotW bypass technique used by threat actors for years

Threat actors have been abusing a bug in how Windows handles LNK files with non-standard target paths and internal structures to prevent in-built protections from stopping …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released whent there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools