EHA
Huge Surge in Attacks Exploiting Check Point VPN Zero-Day Vulnerability

Huge Surge in Attacks Exploiting Check Point VPN Zero-Day Vulnerability

Check Point published an advisory regarding a critical vulnerability, CVE-2024-24919, which has since seen a surge in exploitation attempts. The vulnerability, rated with a CVSS score of 8.6, allows attackers to access sensitive information on...
13,800+ Internet-Exposed Check Point Gateways Vulnerable To 0-Day Attacks: Poc Released

13,800+ Internet-Exposed Check Point Gateways Vulnerable To 0-Day Attacks: Poc Released

A critical zero-day vulnerability, CVE-2024-24919, has been discovered in Check Point Security Gateways, enabling the IPSec VPN or Mobile Access blades. This vulnerability is actively exploited in the wild, posing a significant threat to...
Beware! Threat Actor Selling Outlook RCE 0-Day on Hacking Forums

Beware! Threat Actor Selling Outlook RCE 0-Day on Hacking Forums

A new threat has emerged on the darker corners of the internet. A threat actor has reportedly put up for sale a Remote Code Execution (RCE) 0-day exploit targeting various versions of Microsoft Outlook,...
Critical OpenVPN Zero-Day Flaws Affecting Millions of Endpoints Across the Globe

Critical OpenVPN Zero-Day Flaws Affecting Millions of Endpoints Across the Globe

Security researchers have uncovered four zero-day vulnerabilities within OpenVPN, the world's leading VPN solution. These vulnerabilities pose significant threats to millions of devices globally. These vulnerabilities, identified by the internal codename OVPNX, affect a wide...
ArcaneDoor Hackers Who Exploited Cisco Firewall Zero-Days Linked To China

ArcaneDoor Hackers Who Exploited Cisco Firewall Zero-Days Linked To China

Hackers target Cisco Firewalls due to their widespread use and the potential to exploit vulnerabilities to gain unauthorized access, steal data, and launch cyber attacks. Cisco Talos recently reported on a global campaign dubbed...
CrushFTP Zero-Day Could Allow Attackers To Gain Complete Server Access

CrushFTP Zero-Day Could Allow Attackers To Gain Complete Server Access

CrushFTP disclosed a zero-day vulnerability (CVE-2024-4040) affecting versions below 10.7.1 and 11.1.0. The vulnerability allows remote attackers with low privileges to bypass the VFS sandbox and read arbitrary files on the underlying filesystem.  It could...
$30 Million Bounty Rewards For Android, iOS, & Chrome Zero-day

$30 Million Bounty Rewards For Android, iOS, & Chrome Zero-day

This year, Crowdfense is expanding its scope to encompass additional major research fields like Enterprise Software, WiFi/Baseband, and Messengers and is proposing a larger 30 million USD acquisition program. Crowdfense is the world's premier research...
Lazarus And The FudModule Rootkit : Beyond BYOVD With An Admin-To-Kernel Zero-Day

Lazarus Hackers Exploited Windows kernel 0-day In The Wild

The Lazarus threat group has been exploiting a Microsoft vulnerability associated with Windows Kernel Privilege Escalation to establish a kernel-level read/write primitive. This vulnerability was previously unknown which exists in the appid.sys AppLocker driver. This...
Hackers launched 250,000+ Attacks to Exploit Ivanti VPN 0-Day

Hackers launched 250,000+ Attacks to Exploit Ivanti VPN 0-Day

Ivanti Connect Secure vulnerabilities were disclosed in January 2024 as a potential gateway for threat actors to penetrate corporate networks. The two vulnerabilities, CVE-2023-46805 and CVE-2024-21887 were associated with authentication bypass and arbitrary command...
Google Chrome Zero-day Exploited in the Wild: Patch Now!

Google Chrome Zero-day Exploited in the Wild: Patch Now!

Google has released urgent upgrades to fix the Chrome zero-day high-severity vulnerability that has been widely exploited, which could lead to software crashes or arbitrary code execution. To address the actively exploited zero-day vulnerability, the...

Managed WAF

Website

Latest News