Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system. The three flaws, all critical in nature, allow an “adversary with sufficient access to perform a sandbox escape and obtain root permissions on the host machine,” Australian cybersecurity […]
Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances. “The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster,” Akamai security researcher Tomer Peled said. “To exploit this […]
A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems. The flaws, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), have been addressed in version 2023.11.4. They impact all TeamCity On-Premises versions through 2023.11.3. […]
As many as 34 unique vulnerable Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) drivers could be exploited by non-privileged threat actors to gain full control of the devices and execute arbitrary code on the underlying systems. “By exploiting the drivers, an attacker without privilege may erase/alter firmware, and/or elevate [operating system] privileges,” Takahiro […]
A medium-severity flaw has been discovered in Synology’s DiskStation Manager (DSM) that could be exploited to decipher an administrator’s password and remotely hijack the account. “Under some rare conditions, an attacker could leak enough information to restore the seed of the pseudorandom number generator (PRNG), reconstruct the admin password, and remotely take over the admin […]
Threat actors targeting macOS have increased lately as there were several cases of macOS information stealer malware found in the past, and many are being currently exploited in the wild. According to reports, there was a new macOS malware found that is capable of taking over the complete macOS system without any permission required from […]
Mastodon, a popular decentralized social network, has released a security update to fix critical vulnerabilities that could expose millions of users to potential attacks. Mastodon is known for its federated model, consisting of thousands of separate servers called “instances,” and it has over 14 million users across more than 20,000 instances. The most critical vulnerability, […]
A serious flaw has been found in WooCommerce, a popular plug-in for managing online businesses that are built on the WordPress platform. This flaw might enable cybercriminals to take control of websites. Nevertheless, the WooCommerce team has provided fixes, and attackers are able to reverse-engineer the patch. Technical specifics concerning the vulnerability have not yet […]
Cloud-based repository hosting service GitHub has addressed a high-severity security flaw that could have been exploited to create malicious repositories and mount supply chain attacks. The RepoJacking technique, disclosed by Checkmarx, entails a bypass of a protection mechanism called popular repository namespace retirement, which aims to prevent developers from pulling unsafe repositories with the same […]
3 vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated threat actor to remotely execute arbitrary code or cause a denial of service (DoS) condition on the router. Affected Products Vulnerable ProductsCVE-2022-20827 and CVE-2022-20841 affect the following Cisco products: RV160 VPN Routers RV160W Wireless-AC VPN Routers RV260 VPN […]
GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover. Tracked as CVE-2022-1680, the issue has a CVSS severity score of 9.9 and was discovered internally by the company. The security flaw affects all versions of GitLab Enterprise Edition (EE) starting from 11.10 […]
Cybersecurity specialists reported the detection of multiple flaws in the Mozilla Thunderbird multiplatform email client, which successful exploitation would allow malicious hackers to perform several attack scenarios on target systems. Below are brief descriptions of the reported flaws and their respective tracking key and scores assigned according to the Common Vulnerability Scoring System (CVSS). CVE-2022-31736: […]
Security researchers have disclosed a security issue that could have allowed attackers to weaponize the VirusTotal platform as a conduit to achieve remote code execution (RCE) on unpatched third-party sandboxing machines employed antivirus engines. The flaw, now patched, made it possible to “execute commands remotely within [through] VirusTotal platform and gain access to its various […]
Cybersecurity specialists from Juniper Networks announced the release of multiple security patches to address more than 30 flaws in their products, including critical bugs in Contrail Networking and Junos OS. According to the report, at least seven of these flaws received scores above 9/10 according to the Common Vulnerability Scoring System (CVSS). First, the alert […]
During the November 2021 Patch Tuesday Two Active Directory domain service privilege escalation security flaws have been detected recently by Andrew Bartlett of Catalyst IT, and these two security flaws allow hackers to take over Windows domains easily when they are united. Microsoft suggested users to immediately patch these two Active Directory domain service privilege […]
If exploited, an unauthenticated, remote attacker can execute code as a “nobody user” in the device meaning attacker would get root access and gain full control of the device. SonicWall, a renowned network security vendor is urging users to immediately update their SMA 100 [PDF] series devices with the latest version after detecting multiple security […]
Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances (ACI) services that could have been weaponized by a malicious actor “to access other customers’ information” in what the researchers described as the “first cross-account container takeover in the public cloud.” An attacker exploiting the weakness could execute malicious commands on other […]
Nginx security teams published a report related to a critical vulnerability in their DNS resolution implementation. Tracked as CVE-2021-23017, successful exploitation of this vulnerability would allow threat actors to take full control of affected systems. The flaw does not yet receive a score in the Common Vulnerability Scoring System (CVSS). The risk increases because the […]
Using a zero-click exploit, an attacker could have taken complete control of any iPhone within Wi-Fi range in seconds
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from […]
The researcher has found a way to hack Instagram accounts in minutes. As it turns out, a new Instagram login vulnerability that could allow potential hackers to bypass two-factor authentication. Instagram Login vulnerability detected As reported in a recent blog post, researcher Laxman Moutia noticed an error that threatened Instagram users. He discovered an Instagram […]