vulnerability
Security Flaw in CoCalc: One Click and Your Cloud is Ruined
TL;DR Imperva Threat Research discovered and reported a security flaw in the CoCalc Cloud environment. The flaw enabled potential attackers to completely take over a target’s account with only a single click ...
Exploited Ivanti Connect SSRF vulnerability traced back to ‘xmltooling’ OSS library
Over the past few weeks, vulnerabilities in proprietary Ivanti products, in particular Ivanti Connect Secure, Policy Secure, and ZTA gateways, have been making headlines for their active exploitation in the wild ...
Web Vulnerability Submissions Exploded in 2023
There was an alarming surge of user-submitted web vulnerability submissions in 2023—with a 30% increase compared to 2022—as open-scoped bug bounty programs evolved ...
Chinese Espionage Group Has Exploited VMware Flaw Since 2021
A Chinese espionage group spotted last year by Mandiant researchers abusing a flaw that affected VMware virtualization tools has been exploiting another zero-day vulnerability in VMware’s vCenter Server since at least late ...
Ransomware Activity Surged in 2023, Likely to Evolve in 2024
A Rapid7 report found that last year was marked by an onslaught of ransomware attacks, and expects the same in 2024 ...
Apache ActiveMQ Vulnerability: The Threat That Cannot Be Ignored
The Apache ActiveMQ vulnerability known as CVE-2023-46604 is a remote code execution (RCE) flaw rated at a critical 10.0 on the CVSS v3 scale ...
CVE-2023-50164: A Critical Vulnerability in Apache Struts
On December 7, 2023, Apache released a security advisory regarding CVE-2023-50164, a critical vulnerability in Apache Struts with a CVSS score of 9.8. Versions from 2.5.0 to 2.5.32 and 6.0.0 to 6.3.0 were affected. ...
Code Execution Update: Improve WordPress Security
In the ever-evolving landscape of digital security, WordPress has recently released a critical code execution update, version 6.4.2, addressing a potential threat that could jeopardize the integrity of vulnerable sites. This update, ...
CVE-2023-22524: RCE Vulnerability in Atlassian Companion for macOS
TL;DR This blog unveils a remote code execution vulnerability, identified as CVE-2023-22524, in Atlassian Companion for macOS, which has recently been patched. This critical vulnerability stemmed from an ability to bypass both ...
5 Security Benefits of Application Mapping
Application mapping can have many advantages for organizations managing complex IT infrastructure, not the least of which is security ...