Security News

New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration
2024-11-12 14:01

Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE) The issue, per...

Palo Alto Advises Securing PAN-OS Interface Amid Potential RCE Threat Concerns
2024-11-09 06:12

Palo Alto Networks on Friday issued an informational advisory urging customers to ensure that access to the PAN-OS management interface is secured because of a potential remote code execution...

Critical Veeam RCE bug now used in Frag ransomware attacks
2024-11-08 20:23

After being used in Akira and Fog ransomware attacks, a critical Veeam Backup & Replication (VBR) security flaw was also recently exploited to deploy Frag ransomware. [...]

Palo Alto Networks warns of potential PAN-OS RCE vulnerability
2024-11-08 17:42

Palo Alto Networks warned customers to restrict access to their next-generation firewalls because of a potential remote code execution vulnerability in the PAN-OS management interface. [...]

HPE warns of critical RCE flaws in Aruba Networking access points
2024-11-07 15:47

Hewlett Packard Enterprise (HPE) released updates for Instant AOS-8 and AOS-10 software to address two critical vulnerabilities in Aruba Networking Access Points. [...]

Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices
2024-11-05 09:34

Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution. Tracked as...

Microsoft SharePoint RCE bug exploited to breach corporate network
2024-11-02 15:19

A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks. [...]

Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE
2024-10-27 09:00

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Fortinet releases patches for publicly undisclosed critical FortiManager vulnerability In the last...

Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch
2024-10-23 19:30

Plus, a POC to make it extra easy for attackers A Microsoft SharePoint bug that can allow an attacker to remotely inject code into vulnerable versions is under active exploitation, according to...

VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time
2024-10-22 17:02

If the first patches don't work, try, try again VMware has pushed a second patch for a critical, heap-overflow bug in the vCenter Server that could allow a remote attacker to fully compromise...