The Black Basta ransomware gang may have exploited a Windows privilege escalation vulnerability as a zero-day before it was patched, new evidence suggests.
Symantec researchers have revea… Read More
Securing a Laravel application is a critical aspect of maintaining the integrity and confidentiality of your data. In this article, we will explore best… Read More
Published on May 28th, 2024. Google has addressed a high-severity vulnerability (CVE-2024-5274) actively exploited in the wild within Chrome.
This flaw, classified as a type confusion bug in t… Read More
Soon after an independent researcher exposed a vulnerability in the commercial-grade pcTattletale spyware tool that could compromise recordings, the tool’s website was hacked and defac… Read More
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274… Read More
Google released a new Chrome update on Thursday to fix the fourth zero-day vulnerability in two weeks and eighth overall in 2024.
The high-severity flaw, tracked as CVE-2024-5274, is ro… Read More
Cybersecurity threats are a real worry for anybody who uses the internet, be it at home or work. The average bounty for spotting a major software weakness is now $3,650; that’s how ser… Read More
Hello, I’m Velma, Rootshell’s Platform Vulnerability Enhanced Learning Machine AI. My purpose is to inform you about significant technical vulnerabilities and exploits that requi… Read More
A critical security vulnerability (CVE-2024-4323), referred to as "Linguistic Lumberjack," has been found within Fluent Bit, a widely-used logging and metrics tracking utility employed within… Read More
WP Guardian Service of Trade & Investment Bangladesh
(Premium Care for Your Website)
Md. Joynal Abdin, BBA (Hons.), MBA
Founder & CEO, Trade & Investment Bangladesh
Welco… Read More
Microsoft patched a zero-day vulnerability exploited by attackers to distribute QakBot and other malware payloads on susceptible Windows systems.
Identified as CVE-2024-30051, this vulner… Read More
Sonne Finance was exploited for $20 million, impacting its operations on the Optimism network.
The exploit involved manipulating exchange rates to inflate collateral values fraudulently… Read More
A zero-day vulnerability in Microsoft Edge, which has been tagged as CVE-2024-4671, has been aggressively exploited by evil organizations, according to reports.
This security flaw origina… Read More
WordPress Security Breach Millions of Passwords Left Unencrypted by Popular Plugin – Critical Flaw in Popular WordPress Plugin Exposes Millions of Sites
The discovery of critical secu… Read More
Published on May 9th, 2024. More than half of the 90,310 hosts have been discovered exposing a Tinyproxy service online, vulnerable to a critical unpatched security flaw in the HTTP/HTTPS prox… Read More
OWASP enhances software security through community-driven efforts. It provides resources to mitigate web application vulnerabilities, fostering a safer online environment. The project focuse… Read More
Published on May 6th, 2024. Several popular Android applications on the Google Play Store are exposed to a vulnerability known as the Dirty Stream attack, which is associated with path travers… Read More
A significant security flaw, identified as CVE-2023-49606, has been reported by Cisco Talos in the widely used Tinyproxy software. This vulnerability, stemming from improper handling of HTTP… Read More
Path traversal vulnerabilities, or directory traversal, are now subject to a government advisory for obligatory consideration
We live in an environment where digital infrastructure is increa… Read More
Researchers have discovered that several popular Android applications in the Google Play Store with millions, even a billion downloads are susceptible to a path traversal-related vulnerabili… Read More
In July 2023, the Curve Finance reentrancy attack posed a significant security challenge for the leading decentralized finance (DeFi) platform, Curve Finance.
A reentrancy vulnerability… Read More
Published on April 30th, 2024. Researchers in the field of cybersecurity have recently discovered a concerning vulnerability associated with third-party plugins designed for OpenAI’s Cha… Read More
The rise of website defacement in today’s digital age has made safeguarding websites critical for businesses and individuals alike. The threat of hackers targeting sites with defacemen… Read More
In a world where cyber threats keep evolving, staying ahead of hackers is a must for IT professionals. Ethical hacking is our digital line of defense, crucial in uncovering system weaknesses… Read More
Networking giant Cisco warned that a group of state-sponsored hackers exploited zero-days in its firewall appliances to spy on government networks over the last several months.
Cisco in a… Read More
Protecting your website from cyber attacks is an essential task for any business or individual with an online presence. With the rise of cyber threats, it’s more important than ever to… Read More
Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified as CVE-2024-3400.
This zero-day flaw, found in the GlobalProtect Gateway, is curre… Read More
Web3 gaming is a revolutionary concept that leverages blockchain technology to empower players and reshape the way we interact with virtual worlds. Forget centralized servers and limited own… Read More
Attackers are now actively targeting over 92,000 end-of-life D-Link Network Attached Storage (NAS) devices exposed online and unpatched against a critical remote code execution (RCE) zero-day fl… Read More
Attackers are now actively targeting over 92,000 end-of-life D-Link Network Attached Storage (NAS) devices exposed online and unpatched against a critical remote code execution (RCE)… Read More
Multiple critical vulnerabilities were discovered in a popular WordPress plugin MasterStudy LMS, that has over 10,000 active installations. The reported vulnerabilities, if exploited, could… Read More
In a recent disclosure, cybersecurity firm Bitdefender has revealed a series of critical vulnerabilities within LG’s WebOS, the operating system used in many of the brand’s smart… Read More
Apple released iOS 17.4.1 on March 21, more than two weeks after the company released iOS 17.4. The iOS 17.4 release brought fresh features to your iPhone, like new Stolen Device Prote… Read More
Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including two zero-day exploits showcased at the prestigious Pwn2Own 2024 hacking competition… Read More
CISA warns that attackers are now exploiting a Microsoft SharePoint code injection vulnerability that can be chained with a critical privilege escalation flaw for pre-auth remote code e… Read More
An anonymous reader shared this report from The Register:
Chinese spies exploited a couple of critical-severity bugs in F5 and ConnectWise equipment earlier this year to sell access to comp… Read More
Attackers actively exploiting a month-old critical Fortinet vulnerability in Fortinet solution (CVE-2024-21762)
All the businesses that have deployed Fortinet solut… Read More
The Software Product Development Life Cycle (SDLC) represents a structured approach to crafting software solutions, guiding them from conception to deployment and beyond. Each phase of the S… Read More
Hello, I’m Velma, Rootshell’s Platform Vulnerability Enhanced Learning Machine AI. My purpose is to inform you about significant technical vulnerabilities and exploits that requi… Read More
Kate O'Flaherty. It’s the shortest month of the year… Read More
Facepalm: Occasionally, Microsoft sends users into a frenzy with unpolished or bugged OS updates, causing various stability and reliability issues. The most recent patches for Windows 11 see… Read More
VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the v… Read More
ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could enable remote code execut… Read More
Microsoft has reported a critical vulnerability in Office Suite, dubbed CVE-2024-21413, requiring immediate patching
In a recent revelation, Microsoft has highlighted a critical vulner… Read More
Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerabil… Read More
Microsoft has released patches to address 73 security flaws spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under… Read More
NAS vendor QNAP Systems has urgently issued patches for no fewer than 24 vulnerabilities across its product range, including two high-severity flaws that could… Read More
The maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances. Trac… Read More
The update adds new features to your iPhone, but more importantly it addresses a security issue that could be actively exploited. Apple released iOS 17.3 on Jan. 22, and the update introduc… Read More
Introduction
On January 16 2024, Atlassian issued a significant alert on a critical Server-Side Template Injection (SSTI) vulnerability in Confluence Data Center and Server… Read More
The update addresses a security issue that could be actively exploited, so don't put this off for later. Apple released iOS 17.3 on Monday, introducing new features like Stolen Device Prote… Read More
Apple on Monday released security updates for iOS, iPadOS, macOS, tvOS, and Safari web browser to address a zero-day flaw that has come under active exploitation in the wild.
The issue, trac… Read More