Amazon says 175 million customers now use passkeys to log in
Amazon has seen massive adoption of passkeys since the company quietly rolled them out a year...
Finland seizes servers of 'Sipultie' dark web drugs market
The Finnish Customs office took down the website and seized the servers for the darknet...
EDRSilencer red team tool used in attacks to bypass security
A tool for red-team operations called EDRSilencer has been observed in malicious incidents...
Generative AI in Security: Risks and Mitigation Strategies
Microsoft’s Siva Sundaramoorthy provides a blueprint for how common cyber precautions apply to...
Microsoft says more ransomware stopped before reaching encryption
Volume of attacks still surging though, according to Digital Defense Report. Microsoft says...
TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns
New variants of an Android banking trojan called TrickMo have been found to harbor previously...
New Malware Campaign Uses PureCrypter Loader to Deliver DarkVision RAT
Cybersecurity researchers have disclosed a new malware campaign that leverages a malware loader...
Vulnerabilities by Risk level (Last 12 months)
Vulnerabilities by Vendor (Last 12 months)
Latest Vulnerabilities
- CVE-2024-9923 (score 4.9): The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root...
- CVE-2024-9924 (score 9.8; network, low complexity, critical): The fix for CVE-2024-26261 was incomplete, and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which...
- CVE-2024-9921 (score 9.8): The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete...
- CVE-2024-9922 (score 7.5): The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files.
- CVE-2024-8757 (score 7.2): The WP Post Author – Boost Your Blog's Engagement with Author Box, Social Links, Co-Authors, Guest Authors, Post Rating System, and Custom User Registration Form Builder plugin for WordPress is...
Latest Critical Vulnerabilities
- CVE-2024-9924 (score 9.8; network, low complexity, critical): The fix for CVE-2024-26261 was incomplete, and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which...
- CVE-2024-9921 (score 9.8): The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify and delete...
- CVE-2024-9047 (score 9.8): The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfu_file_downloader.php. This makes it possible for unauthenticated...
- CVE-2024-9707 (score 9.8): The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in...
- CVE-2024-9822 (score 9.8): The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'login_admin_user'...
- CVE-2024-45115 - Unspecified vulnerability in Adobe Commerce and Magento (score 9.8): Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could...
- CVE-2024-9518 (score 9.8): The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'form_actions' and...