Security News

Exploit released for maximum severity Fortinet RCE bug, patch now
2024-05-28 16:16

Security researchers have released a proof-of-concept exploit for a maximum-severity vulnerability in Fortinet's security information and event management solution, which was patched in February.On Tuesday, over three months after Fortinet released security updates to patch this security flaw, Horizon3's Attack Team shared a proof-of-concept exploit and published a technical deep-dive.

Week in review: Google fixes yet another Chrome zero-day exploit, YouTube as a cybercrime channel
2024-05-26 08:00

Google fixes yet another Chrome zero-day exploited in the wildFor the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability with an in-the-wild exploit. GitHub fixes maximum severity Enterprise Server auth bypass bugA critical, 10-out-of-10 vulnerability allowing unrestricted access to vulnerable GitHub Enterprise Server instances has been fixed by Microsoft-owned GitHub.

Update Chrome Browser Now: 4th Zero-Day Exploit Discovered in May 2024
2024-05-24 10:10

Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild. Assigned the CVE identifier CVE-2024-5274, the...

Ransomware Attacks Exploit VMware ESXi Vulnerabilities in Alarming Pattern
2024-05-23 17:03

Ransomware attacks targeting VMware ESXi infrastructure following an established pattern regardless of the file-encrypting malware deployed. "Virtualization platforms are a core component of...

GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack
2024-05-22 08:57

Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what's called a Bring...

Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users
2024-05-21 14:19

A new attack campaign dubbed CLOUD#REVERSER has been observed leveraging legitimate cloud storage services like Google Drive and Dropbox to stage malicious payloads. "The VBScript and PowerShell...

QNAP QTS zero-day in Share feature gets public RCE exploit
2024-05-20 14:57

The above bugs impact QTS, the NAS operating system on QNAP devices, QuTScloud, the VM-optimized version of QTS, and QTS hero, a specialized version focused on high performance. QNAP has addressed CVE-2023-50361 through CVE-2023-50364 in a security update released in April 2024, in versions QTS 5.1.6.2722 build 20240402 and later, and QuTS hero h5.1.6.2734 build 20240414 and later.

PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026)
2024-05-20 10:48

Technical details about and a proof-of-concept (PoC) exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, has been released by the vulnerability’s reporter. About...

Cyber Criminals Exploit GitHub and FileZilla to Deliver Malware Cocktail
2024-05-20 09:26

A "multi-faceted campaign" has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic (aka AMOS), Vidar,...

Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking
2024-05-17 17:20

The cryptojacking group known as Kinsing has demonstrated its ability to continuously evolve and adapt, proving to be a persistent threat by swiftly integrating newly disclosed vulnerabilities to...