
Warning! Apple Fixes Actively Exploited iOS Zero-Day on iPhones & iPads

In an effort to ensure the safety and security of its customers, Apple has taken the necessary steps to address a potentially dangerous vulnerability that has been marked as "Zero-Day" by releasing updates for...

Over 19,000 End-of-life Cisco VPN Routers Open for RCE Attacks

Censys recently reported that there are 19,500 end-of-life Cisco VPN routers being used by individuals and small businesses on the internet that may be at risk of being targeted by a new attack. Using a...

Exploit Released for Galaxy Store Flaw That Let Attacker Install Malware

Researchers from the NCC Group detected two flaws in the Galaxy App Store application between November 23 and December 3, 2022. Two flaws in Samsung's official app store, the Galaxy App Store, might let attackers...

10 Best Vulnerability Management Tools – 2023

Vulnerability management tools play a major role in detecting, analyzing, and patching vulnerabilities in web and network-based applications. Vulnerability, risk, and threat are the most common words used when it comes to security....

EmojiDeploy Vulnerability in Azure Let Attackers Execute Remote Code

The use of a set of methods to take advantage of vulnerabilities like misconfigurations and poor security protocols in a popular Azure service is bringing attention to the issue of cloud security visibility, showing...

Microsoft Azure Services Vulnerability Let Attackers Gain Unauthorized Access

Orca recently conducted an investigation into several Microsoft Azure services and discovered four instances where various services were found to be susceptible to a Server-Side Request Forgery (SSRF) attack. There are two certain weaknesses...

9 Million Times Downloaded JsonWebToken Flaw Let Attackers Execute Remote Code

During the course of investigating the popular open-source project JsonWebToken, Unit 42 researchers discovered a new vulnerability. The cybersecurity analysts tracked the flaw as CVE-2022-23529 and this flaw has been rated as high severity...

Zoho Urged Customers to Patch Critical SQL Injection Vulnerability Immediately

Customers have been asked by Zoho to patch a critical security flaw impacting several ManageEngine products. "This security advisory is to let you know that critical security vulnerability was detected," according to Zoho. Zoho ManageEngine servers...

Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche Expose Owners’ Personal Information

Hackers could have performed malicious activities through API security vulnerabilities in nearly twenty car manufacturers and services. As a result of these vulnerabilities, hackers could be able to perform the following activities: unlocking cars, starting cars, tracking...

Synology VPN Plus Server Vulnerability Let Attackers Execute Arbitrary Code

In response to a vulnerability with maximum severity that affects routers configured to run as VPN servers, the Taiwan-based NAS maker Synology has recently released an update to address it. This critical vulnerability was detected...