A serious security vulnerability has been identified in the Quarkus Java framework, exposing systems to the potential risk of remote code execution. This flaw has been assigned CVE-2022-4116 and carries a CVSS score of 9.8, indicating a high severity level. Importantly, this vulnerability can be exploited by malicious actors without…
In a concerning development for cybersecurity, a newly identified strain of Go-based malware is specifically targeting Redis servers, aiming to take control of these systems and potentially form a botnet. This malware, referred to as Redigo, exploits a critical vulnerability in the open-source, in-memory key-value store disclosed earlier this year,…
IBM Addresses Serious Security Flaw in Cloud Databases for PostgreSQL IBM has recently patched a significant security vulnerability within its IBM Cloud Databases (ICD) for PostgreSQL service. This flaw, classified with a CVSS score of 8.8 and termed “Hell’s Keychain” by the cybersecurity firm Wiz, poses risks that could allow…
On Friday, Google issued an urgent out-of-band security update to address a newly discovered zero-day vulnerability affecting its Chrome web browser. This flaw, designated as CVE-2022-4262, is a type confusion bug in the V8 JavaScript engine that has already been leveraged in active exploitation. Discovered and reported by Clement Lecigne…
The FreeBSD operating system maintainers have issued updates addressing a critical security vulnerability in the ping module, which could be exploited to crash the application or execute code remotely. This vulnerability, identified as CVE-2022-23093, affects all supported FreeBSD versions and involves a stack-based buffer overflow triggered by maliciously crafted packets.…
A zero-day vulnerability in Internet Explorer has been exploited by a North Korean threat actor, specifically targeting South Korean users. The attack exploits the heightened public sensitivity surrounding the recent Itaewon Halloween crowd crush incident, leveraging social engineering tactics to entice victims into downloading malware. This discovery was detailed by…
Increased TrueBot Infections Target Multiple Countries Recent reports from cybersecurity experts indicate a surge in infections linked to TrueBot malware, notably affecting countries such as Mexico, Brazil, Pakistan, and the United States. The rise in these attacks highlights a shift in tactics employed by the attackers, who have transitioned from…
Fortinet Releases Critical Security Patches for SSL-VPN Vulnerability On Monday, Fortinet announced the release of emergency patches responding to a significant security vulnerability discovered in its FortiOS SSL-VPN product. This vulnerability is currently experiencing active exploitation in the wild, emphasizing the urgency for organizations to apply the updates promptly. The…
A serious vulnerability has been uncovered in the Amazon Elastic Container Registry (ECR) Public Gallery, which could have been leveraged for various attacks, as reported by the cybersecurity firm Lightspin. The flaw poses critical risks, enabling malicious actors to delete images stored in the gallery or replace them with versions…