Security News

VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems. The issue, tracked as CVE-2023-34048 (CVSS...

VMware warned customers on Monday that proof-of-concept exploit code is now available for an authentication bypass flaw in vRealize Log Insight. "Updated VMSA to note that VMware has confirmed that exploit code for CVE-2023-34051 has been published," the company said in an update to the original advisory.

Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager product that remote attackers could use to run code with SYSTEM privileges. SolarWinds ARM is a tool that enables organizations to manage and audit user access rights across their IT environments.

Perceived weaknesses in the security of Microsoft's Visual Studio IDE are being raised once again this week with a fresh single-click exploit. Following the 2021 targeting of security researchers by North Korea's state-sponsored offensive cyber group Lazarus, Microsoft rolled out trusted locations to prevent malicious Visual Studio projects being used to achieve remote code execution.

If you're running GNOME on you Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption vulnerability in the libcue library. Discovered by GitHub security researcher Kevin Backhouse, CVE-2023-43641 affects the libcue library, which is used for parsing cue sheets that contain the layout of tracks on a CD. Libcue is also used by an application called tracker-miners, which indexes files in users' home directory.

A new security flaw has been disclosed in the libcue library impacting GNOME Linux systems that could be exploited to achieve remote code execution (RCE) on affected hosts. Tracked as...

A memory corruption vulnerability in the open-source libcue library can let attackers execute arbitrary code on Linux systems running the GNOME desktop environment. Libcue, a library designed for parsing cue sheet files, is integrated into the Tracker Miners file metadata indexer, which is included by default in the latest GNOME versions.

Ransomware gangs are now targeting a recently patched critical vulnerability in JetBrains' TeamCity continuous integration and deployment server. The flaw allows unauthenticated attackers to gain remote code execution after successfully exploiting an authentication bypass weakness in low-complexity attacks that don't require user interaction.

A critical zero-day vulnerability in all versions of Exim mail transfer agent software can let unauthenticated attackers gain remote code execution on Internet-exposed servers. MTA servers like Exim are highly vulnerable targets, primarily because they are often accessible via the Internet, serving as easy entry points for attackers into a target's network.

An inside look at NetSPI's impressive Breach and Attack Simulation platformIn this Help Net Security interview, Scott Sutherland, VP of Research at NetSPI, delves into the intricacies of their Breach and Attack Simulation platform and discusses how it offers unique features - from customizable procedures to advanced plays - that help organizations maximize their ROI. How companies can take control of their cybersecurityIn this Help Net Security interview, Baya Lonqueux, CEO at Reciproc-IT, discusses the evolving cybersecurity landscape and the essential skillsets needed for teams working in this field. Critical Trend Micro vulnerability exploited in the wildTrend Micro has fixed a critical zero-day vulnerability in several of its endpoint security products for enterprises that has been spotted being exploited in the wild.