vulnerability
XZ Utils Backdoor Vulnerability (CVE-2024-3094) Advisory
Overview NSFOCUS CERT recently detected that a backdoor vulnerability in XZ Utils (CVE-2024-3094) was disclosed from the security community, with a CVSS score of 10. Because the SSH underlying layer relies on ...
Hundreds of Clusters Attacked Due to Unpatched Flaw in Ray AI Framework
Thousands of servers running AI workloads are under attack by threat actors exploiting an unpatched vulnerability in the open-source Ray AI framework – widely used by such companies as OpenAI, Uber, Amazon, ...
CVE-2024-2879: WordPress LayerSlider Vulnerability
Securing our WordPress plugins, the critical CVE-2024-2879 LayerSlider vulnerability, and the importance of bug reporting : OFFICIAL CVE-2024-2879 RELEASE INFORMATION : Within the massive WordPress ecosystem, plugins like LayerSlider play a crucial ...
CVE-2023-48788 Vulnerability Reported in FortiClientEMS
Fortinet’s FortiClient EMS product exploited via CVE-2023-48788, a critical SQL injection vulnerability : OFFICIAL CVE-2023-48788 PATCHING INFORMATION : The CISA (Cybersecurity and Infrastructure Security Agency) has alerted organizations to actively exploit ‘The ...
CVE-2024-21412 Vulnerability Reported in Defender SmartScreen
Guarding against SmartScreen bypass (CVE-2024-21412) and DarkGate malware campaign A recent surge in cyberattacks has seen malevolent actors exploiting a vulnerability in Windows Defender SmartScreen, a critical security feature designed to protect ...
How to Streamline the Vulnerability Management Life Cycle
Establishing a vulnerability management process is a crucial part of an organization's cybersecurity strategy and demands thoughtful planning ...
BianLian GOs for PowerShell After TeamCity Exploitation
Contributors: Justin Timothy, Threat Intelligence Consultant, Gabe Renfro, DFIR Advisory Consultant, Keven Murphy, DFIR Principal Consultant Introduction Ever since Avast […] ...
Urgent Update: Patching Critical iOS Zero-Day Vulnerabilities
Apple rolls out crucial updates to thwart active cyberattacks exploiting kernel-level iOS zero-day vulnerabilities in iPhones In an important move to strengthen the security of iPhone users, Apple has recently released emergency ...
JetBrains TeamCity Vulnerability Requires Immediate Patching
TeamCity, the build management and continuous integration server from JetBrains, requires immediate vulnerability patching : TeamCity 2023.11.4 Update Here : JetBrains, the leading software development company, has issued an urgent security advisory ...
NSFOCUS Research Labs Acknowledged by MSRC for Reporting Azure Database Service RCE Vulnerability
Overview NSFOCUS received acknowledgments from the Microsoft Security Response Center (MSRC) for reporting Azure Database Service RCE Vulnerability. Azure Database for PostgreSQL – Flexible Server is a relational database service based on the ...
