Category: Vulnerabilities

Critical RCE Vulnerability Discovered in Spotify’s Backstage Developer Platform and Software Catalog

Spotify’s Backstage has been identified as vulnerable to a significant security flaw that could allow remote code execution through the exploitation of a recently disclosed bug in a third-party module. This vulnerability has been assigned a CVSS score of 9.8, indicating a critical risk level. At the core of the…

Iranian Hackers Breach U.S. Federal Agency Network via Log4Shell Exploit

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has reported a security breach involving a federal agency, attributed to threat actors affiliated with the Iranian government. The attackers exploited the Log4Shell vulnerability found in an unpatched VMware Horizon server, demonstrating a sophisticated exploitation technique. The breach, which occurred between mid-June…

Researchers Uncover AppSync Cross-Tenant Vulnerability in Amazon Web Services

Amazon Web Services (AWS) has addressed a significant cross-tenant vulnerability within its platform that could allow unauthorized access to resources. This issue, characterized as a “confused deputy problem,” pertains to a form of privilege escalation where an entity lacking permissions can manipulate a more privileged entity into performing actions on…

New Vulnerability in Acer Laptops May Allow Attackers to Bypass Secure Boot Protection

Acer Addresses Security Vulnerability in Firmware Update

Acer has issued a critical firmware update to mitigate a significant security flaw that could potentially disable UEFI Secure Boot on a range of its devices. This vulnerability, classified as CVE-2022-4020, affects several models including the Aspire A315-22, A115-21, A315-22G, as well as…

Researchers Uncover Significant RCE Vulnerability in Quarkus Java Framework

A serious security vulnerability has been identified in the Quarkus Java framework, exposing systems to the potential risk of remote code execution. This flaw has been assigned CVE-2022-4116 and carries a CVSS score of 9.8, indicating a high severity level. Importantly, this vulnerability can be exploited by malicious actors without…

Hackers Leverage Redis Vulnerability to Deploy New Redigo Malware on Servers

In a concerning development for cybersecurity, a newly identified strain of Go-based malware is specifically targeting Redis servers, aiming to take control of these systems and potentially form a botnet. This malware, referred to as Redigo, exploits a critical vulnerability in the open-source, in-memory key-value store disclosed earlier this year,…

Researchers Uncover Supply Chain Vulnerability Impacting IBM Cloud PostgreSQL Databases

IBM Addresses Serious Security Flaw in Cloud Databases for PostgreSQL

IBM has recently patched a significant security vulnerability within its IBM Cloud Databases (ICD) for PostgreSQL service. This flaw, classified with a CVSS score of 8.8 and termed “Hell’s Keychain” by the cybersecurity firm Wiz, poses risks that could allow…

Google Launches Chrome Update to Address Another Critical Zero-Day Vulnerability

On Friday, Google issued an urgent out-of-band security update to address a newly discovered zero-day vulnerability affecting its Chrome web browser. This flaw, designated as CVE-2022-4262, is a type confusion bug in the V8 JavaScript engine that has already been leveraged in active exploitation. Discovered and reported by Clement Lecigne…

Severe Ping Vulnerability Enables Remote Takeover of FreeBSD Systems

The FreeBSD operating system maintainers have issued updates addressing a critical security vulnerability in the ping utility, which could be exploited to crash the program or execute code remotely. This vulnerability, identified as CVE-2022-23093, affects all supported FreeBSD versions and involves a stack-based buffer overflow triggered by maliciously crafted packets…