Warning! Apple Fixes Actively Exploited iOS Zero-Day on iPhones & iPads
In an effort to ensure the safety and security of its customers, Apple has taken the necessary steps to address a potentially dangerous vulnerability that has been marked as "Zero-Day" by releasing updates for...
Over 19,000 End-of-life Cisco VPN Routers Open for RCE Attacks
Censys recently reported that there are 19,500 end-of-life Cisco VPN routers being used by individuals and small businesses on the internet that may be at risk of being targeted by a new attack.
Using a...
Exploit Released for Galaxy Store Flaw That Let Attacker Install Malware
Researchers from the NCC Group detected two flaws in the Galaxy App Store application between November 23 and December 3, 2022.
Two flaws in Samsung's official app store, the Galaxy App Store, might let attackers...
10 Best Vulnerability Management Tools – 2023
Vulnerability management tools play a major role in detecting, analyzing and patching vulnerabilities in web and network-based applications. Vulnerability, risk, and threat are the most common words used when it comes to security....
EmojiDeploy Vulnerability in Azure Let Attackers Execute Remote Code
The use of a set of methods to take advantage of vulnerabilities like misconfigurations and poor security protocols in a popular Azure service is bringing attention to the issue of cloud security visibility, showing...
Microsoft Azure Services Vulnerability Let Attackers Gain Unauthorized Access
Orca recently conducted an investigation into several Microsoft Azure services and discovered four instances where various services were found to be susceptible to a Server Side Request Forgery (SSRF) attack.
There are two certain weaknesses...
9 Million Times Downloaded JsonWebToken Flaw Let Attackers Execute Remote Code
During the course of investigating the popular open-source project JsonWebToken, Unit 42 researchers discovered a new vulnerability.
The cybersecurity analysts tracked the flaw as CVE-2022-23529, and this flaw has been rated as high severity...
Zoho Urged Customers to Patch Critical SQL Injection Vulnerability Immediately
Customers have been asked by Zoho to patch a critical security flaw impacting several ManageEngine products. "This security advisory is to let you know that critical security vulnerability was detected," according to Zoho.
Zoho ManageEngine servers...
Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche Expose Owners’ Personal Information
Hackers could have performed malicious activities through API security vulnerabilities in nearly twenty car manufacturers and services. As a result of these vulnerabilities, hackers could perform the following activities:
Unlocking cars
Starting cars
Tracking...
Synology VPN Plus Server Vulnerability Let Attackers Execute Arbitrary Code
In response to a vulnerability with maximum severity that affects routers configured to run as VPN servers, the Taiwan-based NAS maker Synology has recently released an update to address it.
This critical vulnerability was detected...