Vulnerability

BMC (Baseboard Management Controller) firmware from Lanner has been found to contain over a dozen vulnerabilities that could allow remote attacks to be launched against OT and IoT networks. As a result of analyzing an...

There have been two high-severity security vulnerabilities recently discovered and patched by the OpenSSL Project in its open-source cryptographic library.  Encryption of communication channels and HTTPS connections is achieved through the use of this cryptographic...

An intrusion was detected by The DFir Report in early June 2022 that leveraged the Follina vulnerability, CVE-2022-30190 to gain initial access. Apart from getting initial access it also initiated the infection chain of...

A high-severity security flaw has been patched recently by GitHub on September 19, 2022, and it's a cloud-based repository hosting service. By exploiting this vulnerability, malicious repositories could have been created and attacks on...

In order to address a potentially exploitable zero-day vulnerability discovered in recent attacks on Google's Chrome desktop web browser, Google has released a security update as an emergency fix. The vulnerability has been tracked as...

In the JavaScript sandbox library vm2, the cybersecurity analysts at Oxeye research team have recently found a severe RCE flaw dubbed, "Sandbreak." Through the NPM package repository, the vm2 sandbox library achieves a total of...

The CISA has recently published a joint CSA with the NSA and the FBI about the top CVEs that are exploited by the threat actors since 2020 and the threat actors are Chinese state-sponsored. Chinese...

Researchers found that there are thousands of TP-Link routers used all over the globe that are vulnerable to exploitation by several hacking groups. Hackers from the following countries may be able to exploit these vulnerable...

Two critical zero-day vulnerability that WhatsApp had been known to exploit was silently fixed by WhatsApp. As a result of these security flaws, attackers would be able to remotely execute arbitrary code on both...

Earlier, in August 2022, Vectra researchers discovered an attack path that let attackers with file system access to steal credentials for any Microsoft Teams user who is signed in. Reports say the attackers don’t require...