EHA
API vulnerabilities Auto Industry

Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche Expose Owners’ Personal Information

Hackers could have performed malicious activities through API security vulnerabilities in nearly twenty car manufacturers and services. As a result of these vulnerabilities, hackers could perform the following activities: unlocking cars, starting cars, tracking...
Synology VPN Plus Server

Synology VPN Plus Server Vulnerability Let Attackers Execute Arbitrary Code

In response to a vulnerability with maximum severity that affects routers configured to run as VPN servers, the Taiwan-based NAS maker Synology has recently released an update to address it. This critical vulnerability was detected...
Unpatched Citrix Servers

Thousands of Unpatched Citrix Servers Vulnerable to Critical Flaws

Two critically important security vulnerabilities that Citrix fixed in recent months remain unpatched on thousands of Citrix gateways and ADCs (Citrix Application Delivery Controllers) used across the enterprise. Here are the two security flaws...
Linux Kernel Use-After-Free RCE

Linux Kernel Use-After-Free RCE Vulnerability Let Attackers Execute Arbitrary Code

An emergency security patch was released by Linux recently to fix a critical-severity kernel-level security vulnerability. This vulnerability has a CVSS score of 10.00, and it affects SMB servers that have KSMBD...
Critical Flaw in Passwordstate

Critical Flaw in Passwordstate Enterprise Password Manager Let Attacker Obtain a User’s Passwords

An unauthenticated remote attacker could exploit multiple high-severity vulnerabilities detected in Passwordstate, an online password management solution, to obtain plaintext passwords for users of the service. A Swiss cybersecurity company named Modzero reported to the...
SPNEGO Extended Negotiation Vulnerability

Critical SPNEGO Extended Negotiation Vulnerability Let Attacker Execute Code Remotely

In September 2022, Microsoft patched an information disclosure vulnerability found in SPNEGO NEGOEX, tracked as CVE-2022-37958. While this vulnerability was reclassified as a "Critical" vulnerability by...
Apple New Webkit Zero-day Flaw

Apple New Webkit Zero-day Flaw Actively Used in Attacks Against iPhones

Apple has patched its tenth zero-day vulnerability since the beginning of the year, with the most recent one being actively utilized in attacks against iPhones. Furthermore, Apple said that the bug "may have been actively exploited" against...
Samsung Galaxy S22 Hacked

Samsung Galaxy S22 Hacked Multiple Times at Pwn2Own Hacking Contest Day 1

The Pwn2Own Toronto 2022 hacking contest has started; this year marks the 10th anniversary of the consumer-oriented competition. On the first day of Pwn2Own Toronto 2022, reports of the Samsung Galaxy S22 hack made a...
Ping Vulnerability

Critical Ping Vulnerability Let Hackers Take Over FreeBSD Systems Remotely

A critical vulnerability in the FreeBSD operating system's ping module allows attackers to execute arbitrary code and take over the system remotely. Developers of the operating system recently released security updates. CVE-2022-23093 has...
Bug in Honda, Nissan, Toyota Cars App Let Hackers Unlock & Start The Car Remotely

Bug in Honda, Nissan, Toyota Cars App Let Hackers Unlock & Start The Car...

A critical vulnerability uncovered in Honda, Nissan, Infiniti, and Acura vehicle apps lets hackers and law enforcement agencies unlock the car remotely and start the vehicle with a laptop from anywhere in the world. The...