3 New Apple Zero-day Vulnerabilities Patched in Emergency Update
Three new vulnerabilities have been discovered in multiple Apple products, including iPhone (iOS), iPadOS, watchOS, Safari, macOS and multiple versions of these products. These vulnerabilities have been confirmed as a Zero-Day by Apple.
In response...
Papercut Print Manager Flaw Let Attackers Perform Sophisticated Attacks
The PaperCutNG Mobility Print 1.0.3512 application has been identified to have a cross-site request forgery vulnerability that leads to sophisticated phishing attacks.
This vulnerability exists because the application lacks CSRF defenses such as anti-CSRF tokens, header...
Atos Unify Vulnerabilities Let Attacker Execute Remote Code
Two vulnerabilities have been identified on three Atos Unify OpenScape products, SBC, Branch, and BCF, which are associated with Missing authentication and Authenticated Remote code execution.
One of the vulnerabilities allows threat actors to execute...
Silent Skimmer Group Attacking Online Shopping Websites
The "Silent Skimmer" is a financially motivated group that has been detected targeting vulnerable online payment infrastructure, such as online businesses and Point of Sales (POS) providers.
They are mostly active in the Asia-Pacific (APAC)...
Konni APT Exploits WinRAR Vulnerability To Attack Financial & Crypto Industries
Konni, a North Korean APT group, launched the first attack against the cryptocurrency industry, exploiting a recently found WinRAR vulnerability tagged as CVE-2023-38831.
According to the study, Konni's decision to focus on the cryptocurrency market was unusual;...
Trend Micro Zero-day Vulnerability Let Attackers Run Arbitrary Code
If you are using Trend Micro Apex One, be aware that there may be a vulnerability in the third-party Antivirus uninstaller module. This vulnerability could potentially allow for arbitrary code execution.
While the National Vulnerability...
Fortinet FortiOS Flaw Let Attacker Execute Malicious JavaScript Code
A high-severity cross-site scripting (XSS) vulnerability tracked as (CVE-2023-29183) affecting several FortiOS and FortiProxy versions has been patched by Fortinet.
Additionally, the cybersecurity firm provided updates for a high-severity flaw in FortiWeb, tracked as (CVE-2023-34984).
“A cyber...
Mozilla Zero-Day Vulnerability Exploited in the Wild – Patch Now!
In a race against the clock to protect user security, major browser vendors, including Google and Mozilla, have rushed to release critical updates in response to a critical vulnerability discovered in the WebP Codec.
This...
GitHub Vulnerability Let Attackers Hijack Thousands of Repositories
Researchers uncover a novel Github vulnerability that might let an attacker exploit a race condition in GitHub's repository creation and username renaming operations.
A Repojacking attack may be carried out using this method. Exploiting this issue...
Kubernetes Command Injection Flaw Allows SYSTEM Code Execution
As per recent reports, Kubernetes has been discovered with a remote code execution vulnerability, which could allow a threat actor to execute code on the affected Windows endpoints inside a Kubernetes Cluster with SYSTEM...