Cybersecurity experts have identified a critical vulnerability in the PostgreSQL open-source database system, potentially allowing unprivileged users to manipulate environment variables. This security flaw, categorized as CVE-2024-10979, carries a CVSS severity score of 8.8, indicating significant risks associated with its exploitation. Environment variables serve as user-defined settings that enable programs…
A security vulnerability in Fortinet’s FortiClient for Windows has been exploited by the threat group known as **BrazenBamboo**, allowing them to extract VPN credentials using a modular framework named **DEEPDATA**. This exploitation was disclosed by Volexity, which reported the zero-day vulnerability’s emergence in July 2024. BrazenBamboo is also linked to…
Palo Alto Networks Identifies Zero-Day Exploit in PAN-OS Firewall Palo Alto Networks has recently unveiled crucial indicators of compromise (IoCs) following the confirmation of a zero-day vulnerability within its PAN-OS firewall management interface. This vulnerability has reportedly been targeted and actively exploited by threat actors in real-world scenarios. The company…
A significant authentication bypass vulnerability has been revealed in the Really Simple Security plugin for WordPress, previously known as Really Simple SSL. This security flaw poses a serious threat, as it allows a malicious actor to remotely obtain full administrative access to affected websites, potentially compromising sensitive data and functionalities.…
Recently patched security vulnerabilities affecting Progress Kemp LoadMaster and VMware vCenter Server have been reported as actively exploited in the wild. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) highlighted the severity of these issues on Monday, adding CVE-2024-1212—which has received a maximum severity score of 10.0—to its Known Exploited…
Recent investigations by Lumen Technologies have unveiled the significant role of the Ngioweb malware in powering the well-known residential proxy service NSOCKS, along with related services such as VN5Socks and Shopsocks5. This revelation highlights the ongoing misuse of this malware in various cybercriminal operations. The telemetry data from Black Lotus…
Oracle has issued a warning regarding a critical security vulnerability in its Agile Product Lifecycle Management (PLM) Framework, which has been actively exploited in real-world scenarios. The flaw, designated as CVE-2024-21287, boasts a CVSS score of 7.5, indicating its severity and potential impact. This vulnerability is particularly concerning because it…
Apple Addresses Zero-Day Vulnerabilities in Major Security Update In a swift response to emerging threats, Apple has deployed critical security updates across its operating systems, including iOS, iPadOS, macOS, visionOS, and Safari. These updates are aimed at mitigating two zero-day vulnerabilities that have reportedly been exploited by malicious actors in…
Recent disclosures have revealed multiple significant security vulnerabilities within the needrestart package, which has been a default component of Ubuntu Server since version 21.04. These flaws pose a threat by enabling local attackers to escalate their privileges to root without the need for user interaction. The Qualys Threat Research Unit…
