Security News

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)
2024-10-22 11:00

Broadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server, one of which hasn’t been fully addressed the first time and could allow...

Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)
2024-10-22 09:21

Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country, Positive Technologies (PT) analysts have...

87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113)
2024-10-15 11:41

Last week, CISA added CVE-2024-23113 – a critical vulnerability that allows unauthenticated remote code/command execution on unpatched Fortinet FortiGate firewalls – to its Known Exploited...

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)
2024-10-10 12:29

Mozilla has pushed out an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) that is being exploited in the wild. About CVE-2024-9680 Reported by ESET...

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)
2024-10-09 12:32

If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security researchers have published an...

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)
2024-10-08 19:37

For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug affecting the Windows MSHTML...

Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)
2024-10-08 18:08

Ivanti has patched three additional Cloud Service Appliance (CSA) zero-day flaws, which have been exploited by attackers in conjuction with a zero-day bug the company accidentally fixed in...

Qualcomm zero-day under targeted exploitation (CVE-2024-43047)
2024-10-08 12:18

An actively exploited zero-day vulnerability (CVE-2024-43047) affecting dozens of Qualcomm’s chipsets has been patched by the American semiconductor giant. About CVE-2024-43047 On Monday, Qualcomm...

Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)
2024-10-03 15:20

CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and Infrastructure Security Agency...

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)
2024-10-02 11:05

Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations. Proofpoint’s threat researchers say...