Critical Vulnerability Exposes Adobe Commerce and Magento Stores to Exploits Recent cybersecurity research indicates that a significant 5% of all Adobe Commerce and Magento stores have been compromised due to a serious security vulnerability named CosmicSting. This development underscores the escalating risk that online retailers are facing in the digital…
SolarWinds has recently addressed a series of critical security vulnerabilities within its Access Rights Manager (ARM) software that pose significant risks to users. These vulnerabilities could be exploited by malicious actors to gain unauthorized access to sensitive information or to execute arbitrary code, making this a pressing concern for businesses…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) catalog, adding two significant security vulnerabilities linked to active exploitation. These vulnerabilities highlight persistent risks for organizations, particularly those within the federal sphere, and underscore the importance of timely mitigation strategies. The first vulnerability,…
A recent malware campaign has targeted Cisco networking equipment, exploiting two previously unknown vulnerabilities identified as zero-day flaws to deliver customized malware and conduct covert data collection in targeted environments. Cisco Talos, naming this operation “ArcaneDoor,” has attributed the attacks to UAT4356, an advanced state-sponsored group also known as Storm-1849…
The Cybersecurity and Infrastructure Security Agency (CISA) has recently added a significant vulnerability related to Jenkins to its Known Exploited Vulnerabilities (KEV) catalog due to its exploitation in ransomware attacks. This vulnerability, designated as CVE-2024-23897 with a critical CVSS score of 9.8, is classified as a path traversal flaw that…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a significant security vulnerability affecting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog, following evidence of active exploitation. This medium-severity flaw, identified as CVE-2024-39717 with a CVSS score of 6.6, is categorized as a file upload vulnerability, specifically…
Critical Apache OFBiz Vulnerability Identified by CISA The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently identified a significant security vulnerability affecting the Apache OFBiz open-source enterprise resource planning (ERP) system, adding it to its Known Exploited Vulnerabilities (KEV) catalog. This fresh entry follows evidence of active exploitation observed…
The FBI and CISA Release Advisory Addressing New Ransomware Threats The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint advisory aimed at mitigating the rising threat of ransomware attacks, as part of their ongoing #StopRansomware initiative. Released on August 29, 2023, the advisory, identified as…
