Category: vulnerabilities

Serious Attacks May Have Been Orchestrated via Vulnerability in Amazon ECR Public Gallery

A serious vulnerability has been uncovered in the Amazon Elastic Container Registry (ECR) Public Gallery, which could have been leveraged for various attacks, as reported by the cybersecurity firm Lightspin. The flaw poses critical risks, enabling malicious actors to delete images stored in the gallery or replace them with versions…

Hackers Actively Targeting Zero-Day Vulnerability in Citrix ADC and Gateway

On Tuesday, the U.S. National Security Agency (NSA) issued a warning regarding a cyber threat from a group known as APT5, or Bronze Fleetwood, which has been actively exploiting a zero-day vulnerability in Citrix Application Delivery Controller (ADC) and Gateway systems. This security flaw, cataloged as CVE-2022-27518, represents a critical…

5 Common Web App Vulnerabilities and How to Identify Them

As the demand for web applications grows, particularly those delivered as Software as a Service (SaaS), businesses worldwide heavily rely on these platforms. SaaS solutions are pivotal in transforming operational efficiencies across various sectors, including finance, healthcare, and education. However, while many Chief Technology Officers (CTOs) in startups grasp the…

Microsoft Upgrades SPNEGO Extended Negotiation Security Vulnerability to ‘Critical’ Status

Microsoft has recently escalated the severity rating of a previously patched security vulnerability from September 2022, now classifying it as “Critical.” This update follows findings that the vulnerability poses risks of remote code execution, significantly heightening its threat level. Identified as CVE-2022-37958 with a CVSS score of 8.1, the issue…

Samba Releases Security Updates to Address Several High-Severity Vulnerabilities

The open-source software suite Samba has issued critical updates to address several high-severity vulnerabilities that pose significant risks to system security. If exploited, these flaws could allow unauthorized users to gain control over the affected systems. The vulnerabilities, identified as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in the…

Fortinet and Zoho Encourage Customers to Address Enterprise Software Vulnerabilities with Patching

Fortinet has identified a critical vulnerability impacting its FortiADC application delivery controller that has the potential for arbitrary code execution. This flaw, categorized as CVE-2022-39947 with a CVSS score of 8.6, affects several FortiADC versions, including 7.0.0 to 7.0.2, 6.2.0 to 6.2.3, and several earlier versions down to 5.4.0. According…

Critical Security Vulnerability Discovered in “jsonwebtoken” Library Utilized by Over 22,000 Projects

High-Severity Flaw in jsonwebtoken Library Poses Remote Code Execution Risk

A significant security vulnerability has been discovered in the widely used open-source jsonwebtoken (JWT) library, which could allow attackers to execute arbitrary code on servers processing maliciously crafted JSON web token requests. This issue has been tracked as CVE-2022-23529 and…

Experts Uncover Security Flaw in Chromium Browser Endangering Confidential Data

A recently identified and now-resolved vulnerability in Google Chrome and Chromium-based browsers has emerged, posing a significant risk. If exploited, this vulnerability could allow attackers to gain unauthorized access to sensitive files containing confidential information. According to Ron Masas, a researcher at Imperva, the vulnerability stems from the improper handling…

Zero-Day Exploit of FortiOS Vulnerability Targeting Government and Organizations

Exploitation of FortiOS SSL-VPN Zero-Day Vulnerability Targets Government Entities

A critical zero-day vulnerability in FortiOS SSL-VPN was exploited by unknown threat actors in recent attacks, targeting governmental and other large organizations, as reported by Fortinet. This vulnerability, identified as CVE-2022-42475, is a heap-based buffer overflow flaw that permits unauthenticated remote…