Security News

One of the most effective ways for information technology (IT) professionals to uncover a company’s weaknesses before the bad guys do is penetration testing. By simulating real-world cyberattacks,...

A proof-of-concept exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates. Veeam issued a security bulletin about the critical flaw on May 21, warning about a critical vulnerability enabling remote unauthenticated attackers to log in to VBEM's web interface as any user.

A new PHP for Windows remote code execution vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide. The new RCE flaw tracked as CVE-2024-4577, was discovered by Devcore Principal Security Researcher Orange Tsai on May 7, 2024, who reported it to the PHP developers.

Zyxel has released patches for three critical vulnerabilities affecting two network-attached storage devices that have recently reached end-of-vulnerability-support. The vulnerabilities have been discovered and reported by Timothy Hjort, a vulnerability researcher with Outpost24's Ghost Labs.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Researchers have published a proof-of-concept exploit script demonstrating a chained remote code execution vulnerability on Progress Telerik Report Servers. Cybersecurity researcher Sina Kheirkha developed the exploit with the help of Soroush Dalili and has now published a detailed write-up that describes the intricate process of exploiting two flaws, an authentication bypass and a deserialization issue, to execute code on the target.

Ai researches have released proof-of-concept exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances. CVE-2024-23108 and CVE-2024-23109 are OS command injection vulnerabilities in the FortiSIEM supervisor and can be exploited remotely, without authentication, with specially crafted API requests.

You’re probably familiar with the term “critical assets”. These are the technology assets within your company's IT infrastructure that are essential to the functioning of your organization. If...

The TP-Link Archer C5400X gaming router is vulnerable to security flaws that could enable an unauthenticated, remote attacker to execute commands on the device. The TP-Link Archer C5400X is a high-end tri-band gaming router designed to provide robust performance and advanced features for gaming and other demanding applications, and based on the number of user reviews the product has on online stores, it appears to be a popular choice among gamers.