EHA
Hackers Actively Exploiting zero-day Flaw in Ivanti Mobile Endpoint Manager Software

Hackers Actively Exploiting Zero-day Flaw in Ivanti Mobile Endpoint Manager Software

Ivanti ‘s mobile device management software EPMM(Endpoint manager mobile), aka Mobile iron core version lower than 11.8.1.0, was impacted by the actively exploited zero-day vulnerability.  On Sunday, the company released the security patches for the...
Apache OpenMeeting Flaw

Apache OpenMeeting Flaw Allows Server Hijacks and Command Execution

OpenMeetings is an application that can be used for video calls, collaborative work, and presentations. It can also be added as a plugin to Jira, Confluence or Drupal applications. Recent reports shared by SonarSource,...
Citrix NetScaler Hackers Webshells

Hackers Exploiting Critical Citrix NetScaler Zero-day Flaw To Deploy Webshells

The Cybersecurity and Infrastructure Security Agency (CISA) recently released a security advisory that indicates that threat actors have been exploiting a Zero-day vulnerability in Citrix ADC (Application Delivery Controller) and NetScaler Gateways. A vulnerability...
P2P Worm Redis Instances

P2P Worm Attacking 307,000 Redis Instances on Linux and Windows Systems

P2PInfect is a new P2P worm that is actively targeting the Redis servers on Linux and Windows OS, making it highly scalable and powerful compared to others. While not all Redis instances are vulnerable, they...
OpenSSH RCE Flaw

OpenSSH Agent RCE Flaw Let Attackers Execute Arbitrary Commands

Researchers at Qualys discovered a new Remote Code Execution flaw in the OpenSSH.  This flaw exists in OpenSSH's forward ssh-agent. This flaw allows an attacker to execute arbitrary commands on vulnerable OpenSSH’s forwarded ssh-agent. OpenSSH has...
Chrome 115 Update for Windows, MacOS, and Linux – 20 Vulnerabilities Patched

Chrome 115 Update for Windows, MacOS, and Linux – 20 Vulnerabilities Patched

Google released Chrome 115 to the stable channel for Windows, MacOS, and Linux on Tuesday, patching 20 vulnerabilities, including 11 that were discovered by external researchers. Four security issues were assessed to be of "high severity,"...
New Jailbreak Attacks Uncovered in LLM chatbots like ChatGPT

New Jailbreak Attacks are revealed in LLM Chatbots like ChatGPT

LLMs have reshaped content generation, making understanding jailbreak attacks and prevention techniques challenging. Surprisingly, there's a scarcity of public disclosures on countermeasures employed in chatbot services that are commercial LLM-based. A practical study has been...
Cisco SD-WAN vManage Flaw: Let Attackers Escalate Privileges

Cisco SD-WAN vManage Flaw: Let Attackers Escalate Privileges

A critical severity vulnerability has been detected in the request authentication validation for the REST API of the Cisco SD-WAN vManage software. Cisco released a security warning alerting users to the CVE-2023-20214 critical vulnerability. This...
QuickBlox Security Flaws

QuickBlox Framework Security Flaws Exposes Millions of Users Sensitive Data

Recent reports from Team82 and Check Point Research (CPR) team state that there has been a major vulnerability in QuickBlox SDK (Software Development Kit) and API (Application Programming Interface) that is used for developing...
FortiOS RCE Flaw

Fortinet Critical Flaw: Let a Remote Attacker Execute Arbitrary Code

A 'critical' severity flaw has been detected in FortiOS and FortiProxy, identified as CVE-2023-33308 (CVSS rating 9.8). A remote attacker can use the vulnerability on susceptible devices to execute Fortinet arbitrary code. “A stack-based overflow vulnerability in...

Managed WAF

Website

Latest News