Hackers Actively Exploiting Zero-day Flaw in Ivanti Mobile Endpoint Manager Software
Ivanti ‘s mobile device management software EPMM(Endpoint manager mobile), aka Mobile iron core version lower than 11.8.1.0, was impacted by the actively exploited zero-day vulnerability.
On Sunday, the company released the security patches for the...
Apache OpenMeeting Flaw Allows Server Hijacks and Command Execution
OpenMeetings is an application that can be used for video calls, collaborative work, and presentations. It can also be added as a plugin to Jira, Confluence or Drupal applications.
Recent reports shared by SonarSource,...
Hackers Exploiting Critical Citrix NetScaler Zero-day Flaw To Deploy Webshells
The Cybersecurity and Infrastructure Security Agency (CISA) recently released a security advisory that indicates that threat actors have been exploiting a Zero-day vulnerability in Citrix ADC (Application Delivery Controller) and NetScaler Gateways.
A vulnerability...
P2P Worm Attacking 307,000 Redis Instances on Linux and Windows Systems
P2PInfect is a new P2P worm that is actively targeting the Redis servers on Linux and Windows OS, making it highly scalable and powerful compared to others.
While not all Redis instances are vulnerable, they...
OpenSSH Agent RCE Flaw Let Attackers Execute Arbitrary Commands
Researchers at Qualys discovered a new Remote Code Execution flaw in the OpenSSH.
This flaw exists in OpenSSH's forward ssh-agent. This flaw allows an attacker to execute arbitrary commands on vulnerable OpenSSH’s forwarded ssh-agent.
OpenSSH has...
Chrome 115 Update for Windows, MacOS, and Linux – 20 Vulnerabilities Patched
Google released Chrome 115 to the stable channel for Windows, MacOS, and Linux on Tuesday, patching 20 vulnerabilities, including 11 that were discovered by external researchers.
Four security issues were assessed to be of "high severity,"...
New Jailbreak Attacks are revealed in LLM Chatbots like ChatGPT
LLMs have reshaped content generation, making understanding jailbreak attacks and prevention techniques challenging. Surprisingly, there's a scarcity of public disclosures on countermeasures employed in chatbot services that are commercial LLM-based.
A practical study has been...
Cisco SD-WAN vManage Flaw: Let Attackers Escalate Privileges
A critical severity vulnerability has been detected in the request authentication validation for the REST API of the Cisco SD-WAN vManage software. Cisco released a security warning alerting users to the CVE-2023-20214 critical vulnerability.
This...
QuickBlox Framework Security Flaws Exposes Millions of Users Sensitive Data
Recent reports from Team82 and Check Point Research (CPR) team state that there has been a major vulnerability in QuickBlox SDK (Software Development Kit) and API (Application Programming Interface) that is used for developing...
Fortinet Critical Flaw: Let a Remote Attacker Execute Arbitrary Code
A 'critical' severity flaw has been detected in FortiOS and FortiProxy, identified as CVE-2023-33308 (CVSS rating 9.8). A remote attacker can use the vulnerability on susceptible devices to execute Fortinet arbitrary code.
“A stack-based overflow vulnerability in...