critical:
-
As of January 22, 2025, nearly 50,000 Fortinet firewall devices remain exposed to a critical zero-day vulnerability (CVE-2024-55591) despite urgent warnings and available patches. The flaw, which has been actively exploited since November 2024, allows attackers to bypass authentication and gain super-admin privileges on affected systems. CVE-2024-55591 is an authentication bypass vulnerability in Fortinet’s FortiOS…
-
Xona Systems, vendor of secure access management solutions for critical systems and operational technology (OT) environments, launched Tuesday its new Xona Platform. Designed to provide simple user access without allowing insecure user endpoints to connect to critical assets, the platform is redefining how industries such as utilities, oil and gas, and manufacturing approach secure access…
-
A significant security vulnerability, designated CVE-2025-21613, has been discovered in the go-git library, used for Git version control in pure Go applications. This issue affects all versions before 5.13.0 and is characterized by an argument injection vulnerability, enabling potential attackers to modify git-upload-pack flags when utilizing the file transport protocol. This protocol is particularly vulnerable…
-
New research from Claroty’s Team82 research arm uncovered three vulnerabilities in the Hunting Planet WGS-804HPT industrial switch that could allow an attacker to remotely execute code on a vulnerable device. These vulnerabilities include separate buffer and integer overflow vulnerabilities and an OS command injection flaw; an exploit was developed that leverages these bugs and remotely runs…
-
Introduction. As a Security Researcher, I focus on finding and responsibly reporting security vulnerabilities to enhance the safety of systems worldwide. Not long ago, I identified a critical SQL injection vulnerability in Synnefo’s Internet Management Software (IMS), a platform used by over 350 Internet service providers (ISPs) across six countries. With millions of users relying on…
-
Understanding the Risk: How a Blind SQL Injection Was Discovered in inDrive.
-
The flaw, which was linked to an unpatched issue in the Chrome browser integrated into Facebook’s ad infrastructure, could grant malicious actors control over the server.
-
This week, over 700 new vulnerabilities have been identified, continuing the trend of rising security risks for organizations worldwide. Among the most disturbing is CVE-2024-55591, an authentication bypass vulnerability affecting FortiOS and FortiProxy. This critical zero-day flaw exposes FortiGate firewall devices to potential compromise, allowing remote attackers to gain super-admin privileges on the affected systems.…
-
The UK Home Office launched a consultation this week to protect hospitals, railways and public services from ransomware attacks. Expanding the existing ban on ransomware payments by government departments to include public sector bodies such as NHS trusts and critical national infrastructure is one of the proposals being considered.
-
President Biden and Israeli Prime Minister Benjamin Netanyahu discussed the efforts to reach a Gaza hostage and ceasefire deal by Jan. 20 — when Biden’s term ends — according to U.S. and Israeli officials. Why it matters: The indirect negotiations between Israel and Hamas have reached a critical point eight days before President-elect Trump is…
-
On January 8, 2025, Ivanti disclosed an actively exploited zero-day vulnerability, tracked as CVE-2025-0282, affecting its Connect Secure… (Ivanti Connect Secure Zero-Day Threat: 2,048 Vulnerable Devices and Critical Exploitation Details Unveiled)
-
The primary challenge with integrating chatbots and large language models (LLMs) into customer-facing experience is ensuring that responses are fair, reliable and accurate. Synack’s AI Content and Bias Assessment goes beyond cybersecurity vulnerabilities to assess generative AI applications for content violations and evidence of bias.
-
Intrusions involving the now-patched flaw, which could be leveraged to facilitate remote code execution, have stemmed from seven Singapore- and Hong Kong-based IP addresses, according to an analysis from GreyNoise.
-
A vulnerability classified as critical was found in Dell PowerScale OneFS up to 9.4.0.19/9.5.1.0/9.7.1.2/9.8.0.0. This vulnerability affects unknown code. The manipulation leads to multiple unlocks of a critical resource. This vulnerability was named CVE-2024-49602. The attack can be initiated remotely. There is no exploit available.
-
FBI Director Christopher Wray warned national security and intelligence experts that the risks posed by the government of China to U.S. national and economic security are “upon us now.”
-
Best of 2024: CVE-2024-38063: An In-Depth Look at the Critical Remote Code Execution Vulnerability
In a recent security advisory, Microsoft disclosed a high-severity vulnerability identified as CVE-2024-38063. This critical Remote Code Execution (RCE) flaw, rated with a CVSS score of 9.8, poses a significant…
-
The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in the database. The SQL injection vulnerability, tracked as CVE-2024-45387, is rated 9.9 out of 10.0 on the CVSS scoring system.…