Security News

Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)
2024-09-06 10:01

For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to unauthenticated remote...

Veeam warns of critical RCE flaw in Backup & Replication software
2024-09-05 14:17

Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup &...

D-Link says it is not fixing four RCE flaws in DIR-846W routers
2024-09-03 15:46

D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported. [...]

Week in review: SonicWall critical firewalls flaw fixed, APT exploits WPS Office for Windows RCE
2024-09-01 08:00

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766) SonicWall has patched a...

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262)
2024-08-28 09:00

ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). APT-C-60, a South Korea-aligned cyberespionage group, was exploiting it to target East...

CISA warns of Jenkins RCE bug exploited in ransomware attacks
2024-08-19 19:16

​CISA has added a critical Jenkins vulnerability that can be exploited to gain remote code execution to its catalog of security bugs, warning that it's actively exploited in attacks. [...]

CISA warns critical SolarWinds RCE bug is exploited in attacks
2024-08-16 16:33

CISA warned on Thursday that attackers are exploiting a recently patched critical vulnerability in SolarWinds' Web Help Desk solution for customer support. [...]

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)
2024-08-15 11:44

SolarWinds has fixed a critical vulnerability in its Web Help Desk solution that may allow attackers to run commands on the host machine. "While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing. However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available," the company advises.

Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now
2024-08-14 20:51

Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems with IPv6...

Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled
2024-08-14 20:51

Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems with IPv6...