Security News

CISA warns about actively exploited Apache OFBiz RCE flaw
2024-08-08 19:43

The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz. [...]

New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution
2024-08-06 04:16

A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning system that could allow threat actors to achieve remote code execution on affected instances. "The root cause of the vulnerability lies in a flaw in the authentication mechanism," SonicWall, which discovered and reported the shortcoming, said in a statement.

Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856)
2024-08-05 13:43

CVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthenticated attackers to execute arbitrary code on vulnerable systems. Apache OFBiz is an open-source framework for enterprise resource planning that encompasses web applications that serve common business needs, such as human resources, accounting, inventory management, customer relationship management, marketing and so on.

Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP
2024-07-17 05:25

Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks. It has been described as a remote command execution flaw in the Gremlin graph traversal language API. "Users are recommended to upgrade to version 1.3.0 with Java11 and enable the Auth system, which fixes the issue," the Apache Software Foundation noted in late April 2024.

POC exploit code published for 9.8-rated Apache HugeGraph RCE flaw
2024-06-07 01:16

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Muhstik Botnet Exploiting Apache RocketMQ Flaw to Expand DDoS Attacks
2024-06-06 13:14

The distributed denial-of-service (DDoS) botnet known as Muhstik has been observed leveraging a now-patched security flaw impacting Apache RocketMQ to co-opt susceptible servers and expand its...

Three-year-old Apache Flink flaw under active attack
2024-05-24 00:59

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

CISA Warns of Actively Exploited Apache Flink Security Vulnerability
2024-05-23 16:44

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, the open-source, unified stream-processing and batch-processing...

Apache Cordova App Harness Targeted in Dependency Confusion Attack
2024-04-23 14:00

Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness. Dependency confusion attacks take place owing to the fact...

Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks
2024-01-22 03:40

Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised...