Security News

Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)
2024-08-28 08:46

Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting known static credentials...

Versa fixes Director zero-day vulnerability exploited in attacks
2024-08-26 16:11

Versa Networks has fixed a zero-day vulnerability exploited in the wild that allows attackers to upload malicious files by exploiting an unrestricted file upload flaw in the Versa Director GUI. [...]

SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access
2024-08-26 14:33

SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The...

Nuclei: Open-source vulnerability scanner
2024-08-26 03:21

Nuclei is a fast and customizable open-source vulnerability scanner powered by YAML-based templates. With its flexible templating system, Nuclei can be adapted to perform various security checks....

CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September
2024-08-24 07:03

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of...

Vulnerability prioritization is only the beginning
2024-08-23 04:30

To date, most technology solutions focused on vulnerability management have focused on the prioritization of risks. That usually took the shape of some risk-ranking structure displayed in a table...

Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk
2024-08-22 16:35

SolarWinds has issued patches to address a new security flaw in its Web Help Desk (WHD) software that could allow remote unauthenticated users to gain unauthorized access to susceptible instances....

Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data
2024-08-21 16:15

Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft's Copilot Studio that could be exploited to access sensitive information. "An authenticated attacker can bypass Server-Side Request Forgery protection in Microsoft Copilot Studio to leak sensitive information over a network," Microsoft said in an advisory released on August 6, 2024.

GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk
2024-08-21 04:35

A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks. The flaw,...

Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor
2024-08-20 10:25

A previously undocumented backdoor named Msupedge has been put to use in a cyber attack targeting an unnamed university in Taiwan. "The most notable feature of this backdoor is that it communicates with a command-and-control server via DNS traffic," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.