Unauthorized Pipeline Jobs Flaw Patched By GitLab

Recent media reports have shed light on GitLab rolling out another round of updates. These GitLab security updates address a pipeline jobs security flaw in the software. In this article, we’ll ...

Critical OpenSSH Vulnerability (regreSSHion) Gives Root Access

An unauthenticated remote code execution vulnerability (CVE-2024-6387) was discovered in OpenSSH, a widely used tool for secure remote access. Dubbed “regreSSHion”, this race condition vulnerability allows attackers to take complete control in ...

Critical Cacti Vulnerabilities Addressed in Latest Update

Cacti is a popular open-source platform for monitoring network health and performance. Several vulnerabilities were discovered in Cacti, which have been patched in the latest version 1.2.27. This update is crucial for ...

Critical PixieFail Vulnerabilities Lead to RCE and DoS Attacks

A set of critical security vulnerabilities has been found in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification. Named PixieFail by Quarkslab, ...

GitHub Vulnerability: Key Rotation Amid High-Severity Threat

In recent developments, GitHub, a Microsoft-owned subsidiary, has taken proactive measures to address a security vulnerability potentially exposing credentials within production containers. In this article, we’ll analyze the GitHub vulnerability incident, shedding ...

Apache Unomi CVE-2020-13942: RCE Vulnerabilities Discovered

“Apache Unomi is a Java Open Source customer data platform, a Java server designed to manage customers, leads and visitors’ data and help personalize customers experiences,” according to its website. Unomi can ...

Exploiting Apache Dubbo Remote Code Execution Vulnerability

Checkmarx Research: Apache Dubbo 2.7.3 – Unauthenticated RCE via Deserialization of Untrusted Data (CVE-2019-17564)

Executive Summary: Having developed a high level of interest in serialization attacks in recent years, I decided some months back to put some effort into researching Apache Dubbo. Dubbo, I’ve learned, deserializes ...

Apache Struts, RCEs, and the Equifax Breach Anniversary

We just passed the one-year anniversary of Equifax’s announcement of their massive data breach due to an exploit of an Apache Struts vulnerability (CVE-2017-5638) – and incidentally, at nearly the same time ...