multiple
-
[R1] Tenable Network Monitor Version 6.5.1 Fixes Multiple Vulnerabilities Arnie Cabral Thu, 05/22/2025 – 07:41 Tenable Network Monitor leverages third-party software to help provide underlying functionality. Several of the third-party components (OpenSSL, expat, curl, libpcap, libxml2) were found to contain vulnerabilities, and updated versions have been made available by the providers.Out of caution and in line…
-
On 21 May 2025, ProjectDiscovery published technical details for multiple vulnerabilities they discovered in Versa Concerto, including authentication bypasses, remote code execution (RCE), and container escapes. Versa Concerto is a centralised management platform used to manage Versa’s SD-WAN and SASE services. It is a Spring Boot-based application deployed via Docker containers and routed through Traefik.…
-
On May 21, 2025, ProjectDiscovery published technical details for multiple vulnerabilities they discovered in Versa Concerto, including authentication bypasses, remote code execution (RCE), and container escapes. Versa Concerto is a centralized management platform used to manage Versa’s SD-WAN and SASE services. It is a Spring Boot-based application deployed via Docker containers and routed through Traefik.…
-
On May 21, 2025, ProjectDiscovery published technical details for multiple vulnerabilities they discovered in Versa Concerto, including authentication bypasses, remote code execution (RCE), and container escapes. Versa Concerto is a centralized management platform used to manage Versa’s SD-WAN and SASE services. It is a Spring Boot-based application deployed via Docker containers and routed through Traefik.…
-
CERT Polska has received a report about 7 vulnerabilities (from CVE-2025-1415 to CVE-2025-1421) found in Konsola Proget software. Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor. Enroll Now and Save 10%: Coupon Code MWNEWS10 Note: Affiliate link – your enrollment…
-
In today’s world, businesses need simultaneous remote connections to collaborate effectively, and the default RDP limitations on Windows can be a significant obstacle to team growth and flexibility. Fortunately, the right tools, such as Group Policy, RDP Wrapper, and RDCMan can overcome RDP limitations and significantly enhance the quality of remote connections. Operational support for…
-
Siemens User Management Component V2.15 Multiple Vulnerabilities Multiple vulnerabilities exist in Siemens User Management Component V2.15.CVE-2025-30174 – um.Ris.exe Out-of-bounds Read DoS (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) An unauthenticated remote attacker can send an integer with a large value to crash um.Ris.exe. CVE-2025-30175 – um.serlib.dll ixstream::ReadString int32 Overflow DoS (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)An unauthenticated remote attacker could send an integer with a large value causing…
-
Three critical vulnerabilities in pfSense firewall software that could allow authenticated attackers to inject malicious code, manipulate cloud backups, and potentially achieve remote code execution. The vulnerabilities affect both pfSense Community Edition (CE) prior to version 2.8.0 beta and corresponding pfSense Plus builds. These flaws, CVE-2024-57273, CVE-2024-54780, and CVE-2024-54779, exploit weaknesses in the Automatic Configuration…
-
Critical security flaws have been uncovered in Ivanti Endpoint Manager Mobile (EPMM), a widely used mobile device management (MDM) solution, exposing organizations to the risk of unauthenticated remote code execution (RCE). The vulnerabilities, tracked as CVE-2025-4427 and CVE-2025-4428, have been actively exploited in the wild, prompting urgent calls for patching from security agencies and Ivanti…
-
Jenkins, the widely used automation server for CI/CD pipelines, has released a critical security advisory addressing several vulnerabilities in popular plugins. These flaws-ranging from authentication bypasses to cross-site scripting-could allow attackers to compromise Jenkins environments, bypass authentication, or gain elevated privileges. The security updates bring essential patches for affected plugins, but in some cases, no…
-
Fortinet has observed threat actors exploiting CVE-2025-32756, a critical zero-day arbitrary code execution vulnerability which affects multiple Fortinet products including FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera.BackgroundOn May 13th, Fortinet published a security advisory (FG-IR-25-254) for CVE-2025-32756, a critical arbitrary code execution vulnerability affecting multiple Fortinet products.CVEDescriptionCVSSv3CVE-2025-32756An arbitrary code execution vulnerability in FortiVoice, FortiMail, FortiNDR, FortiRecorder…
-
Magento stores have fallen prey to a new wave of malware attack via backdoored extensions.… Backdoored Magento Extensions Impact Multiple Online Stores on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
-
Multiple vulnerabilities have been discovered in NVIDIA Drivers, the worst of which could result in arbitrary code execution.
-
Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which can lead to arbitrary code execution.
-
Multiple vulnerabilities have been discovered in PAM, the worst of which could lead to password leakage.
-
arXiv:2505.03843v1 Announce Type: new Abstract: As restaking protocols gain adoption across blockchain ecosystems, there is a need for Actively Validated Services (AVSs) to span multiple Shared Security Providers (SSPs). This leads to stake fragmentation which introduces new complications where an adversary may compromise an AVS by targeting its weakest SSP. In this paper, we formalize…
-
Cybersecurity researchers at ANY.RUN have uncovered a sophisticated attack leveraging the Diamorphine rootkit to deploy a cryptocurrency miner on Linux systems, highlighting the growing misuse of open-source tools in malicious campaigns. The detailed analysis with ANY.RUN Sandbox exposes a multi-stage attack that employs advanced persistence and evasion techniques, posing a significant threat to Linux-based environments.…
-
[R1] Security Center Version 6.6.0 Fixes Multiple Vulnerabilities Arnie Cabral Tue, 05/06/2025 – 09:44 Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components (sqlite, ua-parser-js) were found to contain vulnerabilities, and updated versions have been made available by the providers.Out of caution and in line with best practice, Tenable…
-
Several radio stations owned by iHeartMedia were breached in December, exposing Social Security numbers, financial information and more.