Security News

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)
2024-10-09 12:32

If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security researchers have published an...

Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited
2024-10-08 16:38

Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild. The zero-day flaws are being weaponized in...

Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits
2024-10-08 04:07

Qualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitation in the wild. The...

Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications
2024-10-07 09:30

A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible...

Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast
2024-10-06 08:00

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: October 2024 Patch Tuesday forecast: Recall can be recalled. October arrived, and Microsoft started...

Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability
2024-10-05 04:50

Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology. The...

Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)
2024-10-03 15:20

CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and Infrastructure Security Agency...

Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing
2024-10-02 20:39

Poor use of PHP include() strikes again. Two trivial but critical security holes have been found in Optigo's Spectra Aggregation Switch, and so far no patch is available.…

Critical Ivanti RCE flaw with public exploit now used in attacks
2024-10-02 18:55

CISA warned today that a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks. [...]

CISA: Network switch RCE flaw impacts critical infrastructure
2024-10-02 15:02

U.S. cybersecurity agency CISA is warning about two critical vulnerabilities that allow authentication bypass and remote code execution in Optigo Networks ONS-S8 Aggregation Switch products used...