exploitable
-
Security researchers Ver, Lewis Lee, and Zhiniang Peng have detailed and published proof-of-concept (PoC) exploit code for a critical vulnerability, designated as CVE-2024-38077 (CVSS 9.8) and referred to as “MadLicense,” impacting all iterations of Windows Server, spanning from 2000 to 2025. This pre-authentication remote code execution (RCE) vulnerability empowers attackers to seize complete control of a targeted…
-
The Apache InLong project, a widely used data integration framework designed for managing large-scale data streams, has issued an urgent security advisory regarding a critical vulnerability in its TubeMQ component.
-
Jul 25, 2024 · Newsroom · DNS Security / Vulnerability
-
GitHub is an immensely popular platform, with over 100 million developers and over 90% of Fortune 100 companies utilizing it. Despite its widespread use, many GitHub Actions workflows remain insecure, often due to excessive privileges or high-risk dependencies.
-
NDAY Security unveiled the latest release of its automated offensive security platform, ATTACKN.
-
Authors/Presenters: Bin Zhang, Jiongyi Chen, Runhao Li, Chao Feng, Ruilin Li, Chaojing Tang. Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organization’s strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott; and via the organization’s YouTube channel.
-
Mar 21, 2024 · Newsroom · Software Security / Open Source
-
On August 8, 2023, Microsoft finally released a kernel patch for a class of vulnerabilities affecting Microsoft Windows since 2015. The vulnerabilities lead to elevation of privilege (EoP), which allows an account with user rights to gain SYSTEM privileges on a vulnerable host. The root cause of this attack surface, according to a 2015 blog, is…
-
Proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere MFT solution has been made public, sparking fears that attackers may soon take advantage of it.
-
Summary: SonicWall next-generation firewall (NGFW) series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities with the potential for remote code execution. SonicWall published advisories for CVE-2022-22274 and CVE-2023-0656 a year apart and reported that no exploitation had been observed in the wild; however, a proof-of-concept exploit for the latter was publicly released.…
-
by do son · Published October 17, 2022 · Updated December 19, 2023
-
Since August 2023, members of the Huntr bug bounty platform for artificial intelligence (AI) and machine learning (ML) have uncovered over a dozen vulnerabilities exposing AI/ML models to system takeover and sensitive information theft.
-
Threat actors could leverage 34 newly identified vulnerable Windows Driver Model and Windows Driver Framework drivers to facilitate system process manipulation, persistence, and total device takeovers without being detected by security software, according to SecurityWeek. Exploitation of the vulnerable drivers, some of which are from the leading chip, PC, and BIOS manufacturers, is possible without…
-
A joint research project conducted by Health Information Sharing and Analysis Center (Health-ISAC), Finite State, and Securin exploitable vulnerabilities in software and firmware, which can be used by hackers to breach connected devices, software applications and healthcare systems. It also discovered nearly 1,000 vulnerabilities across 966 medical products. Such exposure to healthcare facilities have surged…
-
In some recent articles I shared how you as a developer can add security to your skillset by using New Relic capabilities. I also dug deeper into ways on how to mitigate hidden security risks of open source software libraries. Both of these blogs focused on third-party code and how it can impact the security…