Three vulnerabilities have been disclosed, including an authentication bypass, command injection, and SQL injection, with one allowing remote execution without authentication.
Tycoon and Storm-1575 groups are identified as key players, with Tycoon offering MFA bypass as a service and Storm-1575 targeting Microsoft 365 credentials. Public schools across the United States are facing a surge in sophisticated phishing campaigns, according to a new report by PIXM, a cybersecurity firm specializing in artificial intelligence solutions. Threat actors launch […]
Hackers are exploiting a critical authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises, leading to the creation of hundreds of unauthorized users on unpatched instances.
The Black Basta and Bl00dy ransomware gangs are exploiting a critical authentication bypass vulnerability (CVE-2024-1709) in unpatched ScreenConnect servers to gain admin access and deploy ransomware.
The bug affected versions 12.23.1 – 12.72.0 of ExpressVPN for Windows and allowed some DNS requests to bypass ExpressVPN’s server, potentially exposing users’ browsing history.
The flaw allows attackers to bypass authentication and access restricted resources on vulnerable devices. The exploitation volume is high, with over 170 distinct IP addresses attempting to exploit the vulnerability.
Trend Micro discovered a new attack campaign exploiting the now-patched security bypass bug (CVE-2023-36035) in Windows SmartScreen to spread a new strain of the Phemedrone Stealer. The malware targets cryptocurrency wallets and messaging apps, including Telegram, Steam, and Discord. Diving into details The Phemedrone Stealer infection begins with the attacker placing a set of malicious […]
The authentication bypass flaw in OFBiz allows attackers to remotely execute arbitrary code and access sensitive information. Upgrading to OFBiz version 18.12.11 is crucial to patch both this zero-day vulnerability and another equally serious hole.
While examining a previous bypass mitigation, Akamai Technologies discovered two new Windows vulnerabilities that could allow an attacker to create a zero-click exploit against Microsoft Outlook clients. In a two-part report published Monday, Akamai researcher Ben Barnea detailed the discovery of two new Windows vulnerabilities, tracked as CVE-2023-35384 and CVE-2023-36710, that were reported to and […]
- 1
- 2