370+ Ivanti Connect Secure Devices Exploited Using 0-day Vulnerability (CVE-2025-0282)

Over 379 Ivanti Connect Secure (ICS) devices were found to be backdoored following the exploitation of a critical zero-day vulnerability, CVE-2025-0282. The backdoors installed by attackers allow persistent access to the compromised systems, enabling data...
GitHub CLI RCE Vulnerability Let Attackers Execute Malicious Commands

A critical security vulnerability has been discovered in GitHub CLI that could allow attackers to execute malicious commands on a user's system through remote code execution (RCE). The flaw, identified as CVE-2024-32002, affects versions...
PoC Exploit Released For Windows Kernel-Mode Drivers Privilege Escalation Flaw

A critical vulnerability in Windows Kernel-Mode Drivers has been exposed with the release of a Proof-of-Concept (PoC) exploit, allowing attackers to escalate privileges to SYSTEM level. The vulnerability, identified as CVE-2024-35250, affects various versions...
Researchers Exploit Reflected Input with HTTP Range Header To Bypass Browser Restriction

Security researchers have uncovered a technique that takes previously unexploitable reflected input vulnerabilities and turns them into fully functional attacks through clever use of HTTP Range headers. The findings highlight a new potential threat...
PoC Exploit Released For Apache Struts Remote Code Execution Vulnerability

A proof-of-concept (PoC) exploit for the critical Apache Struts vulnerability, CVE-2024-53677, has been publicly released, raising alarm across the cybersecurity community. This vulnerability, which scores a 9.5 on the CVSS scale, allows attackers to execute...
Linux System ‘noexec’ Mount Flag Flaw Allows Malicious Code Execution

A recent discovery in the Linux ecosystem has unveiled a method to bypass the 'noexec' mount flag, enabling malicious code execution on systems that were previously thought to be secure. This vulnerability exploits a...
Popular Java Framework pac4j Vulnerable To RCE Attacks

A critical security vulnerability has been identified in the popular Java security framework, pac4j, specifically affecting versions prior to 4.0. This vulnerability, tracked as CVE-2023-25581, allows for remote code execution (RCE), posing a significant...
ShadowSyndicate Hackers Exploit Aiohttp Vulnerability To Steal Sensitive Data

A directory traversal vulnerability (CVE-2024-23334) was identified in aiohttp versions before 3.9.2. This vulnerability allows remote attackers to access sensitive files on the server because aiohttp doesn't validate file reading within the root directory...
Critical PHP Vulnerability CVE-2024-4577 Actively Exploited in the Wild

A critical vulnerability in PHP, tracked as CVE-2024-4577, is being actively exploited by threat actors in the wild just days after its public disclosure in June 2024. The flaw affects PHP installations running in CGI...
Critical SolarWinds Web Help Desk Vulnerability Exposes Systems To Remote Attack

A critical vulnerability has been identified in SolarWinds Web Help Desk, potentially allowing attackers to execute remote code on affected systems. The Trend Micro Zero Day Initiative (ZDI) team discovered the flaw, designated CVE-2024-28988. This...
Recent Posts

FBI Warns of File Convertor Tools Used to Deploy Ransomware

The Federal Bureau of Investigation's Denver Field Office has issued an urgent alert regarding a sophisticated cybersecurity threat that has been increasingly targeting individuals...