
CocoaPods Vulnerability Exposes iOS & macOS Apps To Supply Chain Attacks

Multiple vulnerabilities in the CocoaPods dependency manager have been identified, posing a significant risk of supply chain attacks. The flaw enables any malicious actor to take control of thousands of unclaimed pods and inject malicious...

Intel CPU Vulnerability: Indirector Injection Attack Leads to Sensitive Data Leak

Researchers from the University of California have unveiled a novel high-precision Branch Target Injection (BTI) attack, dubbed "Indirector," that exploits vulnerabilities in the Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB) of...

Cisco NX-OS Zero-Day Command Injection Flaw Under Active Attack

A critical vulnerability in the Command Line Interface (CLI) of Cisco NX-OS Software is currently under active exploitation, allowing attackers to execute arbitrary commands as root on affected devices. This zero-day flaw, identified as...

Toshiba Multi-Function Printers Impacted by 40+ Vulnerabilities

Several new vulnerabilities have been discovered in Toshiba e-STUDIO Multi-Function Printers (MFPs) that are used by businesses and organizations worldwide. These vulnerabilities affect 103 different models of Toshiba Multi-Function Printers. Vulnerabilities identified include Remote Code...

PoC Exploit Published for Linux Kernel Privilege Escalation Flaw

A critical use-after-free vulnerability has been discovered in the Linux kernel's netfilter subsystem. This vulnerability could potentially allow local, unprivileged users with CAP_NET_ADMIN capability to escalate their privileges. The flaw, identified in the upstream commit...

Water Sigbin Hackers Exploit Oracle WebLogic Vulnerabilities

Cybersecurity researchers uncovered a sophisticated attack campaign by the Water Sigbin (aka 8220 Gang) threat actor that exploited vulnerabilities in the Oracle WebLogic Server, notably CVE-2017-3506 and CVE-2023-21839, to deploy the XMRig cryptocurrency miner...

Hackers Created 250 npm Packages, Mimicking Popular AWS And Microsoft Projects

Hackers target and abuse npm packages to inject malicious code into widely used software libraries, reaching many developers and applications. Sonatype security researchers recently identified more than 250 npm packages that mimic popular AWS, Microsoft,...

Juniper Session Smart Router Flaw Let Attackers Bypass Vulnerability

Juniper Networks has disclosed a critical vulnerability (CVE-2024-2973) affecting its Session Smart Router (SSR) and Session Smart Conductor products. The flaw allows network-based attackers to bypass authentication and gain complete control of the device...

AI Assistant Rabbit R1’s Code Vulnerability Exposes Users Data

Rabbitude, a group of developers and researchers, has exposed a security vulnerability in Rabbit's R1 AI assistant. The group discovered that API keys were hardcoded into the company's codebase, a practice that is widely considered...

WordPress Releases Urgent Security Update to Patch XSS and Path Traversal Flaws

WordPress has released an urgent security update, version 6.5.5, addressing critical vulnerabilities that could potentially compromise the security of millions of websites. This minor release, which also includes three bug fixes in the core,...
