Category vulnerabilities

Upcoming Release of Zoho ManageEngine PoC Exploit – Patch Now to Stay Secure!

Zoho ManageEngine users are being advised to urgently apply security patches to their systems due to a critical vulnerability identified as CVE-2022-47966. This flaw opens the door for unauthenticated remote code execution, raising significant security concerns ahead of the anticipated release of proof-of-concept (PoC) exploit code. This vulnerability has been…


Git Users Advised to Update Software to Mitigate Remote Code Execution Vulnerabilities

Recent updates to the Git source code version control system have unveiled the presence of two critical vulnerabilities that expose users to the risk of remote code execution. The vulnerabilities, tracked as CVE-2022-23521 and CVE-2022-41903, affect multiple Git versions, creating significant concerns for organizations relying on the software. Impacted versions…


Newly Discovered Microsoft Azure Vulnerability: EmojiDeploy Exploited for RCE Attacks

A critical vulnerability has been identified within multiple Microsoft Azure services, potentially allowing malicious actors to gain complete control over targeted applications. The flaw, characterized as a remote code execution (RCE) issue, was highlighted in a report by Ermetic researcher Liv Matan and has significant implications for Azure users.…


Chinese Hackers Exploit Recent Fortinet Vulnerability as 0-Day for Malware Deployment

Recent cybersecurity intelligence has revealed a sophisticated exploitation of a patched vulnerability in Fortinet’s FortiOS SSL-VPN. This zero-day exploit is believed to have been leveraged by a suspected state-sponsored threat actor associated with China, targeting a government entity in Europe and a managed service provider (MSP) in Africa. Evidence gathered…


Security Navigator Research: Vulnerabilities Traceable to the Last Millennium

Recent findings from Orange Cyberdefense’s Security Navigator reveal a worrying trend in cybersecurity. Vulnerabilities that were first identified as far back as 1999 continue to be present in networks today, underscoring a persistently high-risk landscape.

Analyzing Vulnerability Lifespan

The ongoing vulnerability scans conducted by Orange Cyberdefense allow for an…


VMware Issues Patches for Critical Vulnerabilities in vRealize Log Insight Software

VMware Addresses Critical Security Flaws in vRealize Log Insight Software

On Tuesday, VMware announced the release of a software update aimed at addressing four significant security vulnerabilities in its vRealize Log Insight platform, also known as Aria Operations for Logs. These flaws pose a serious risk of remote code execution…


QNAP Addresses Critical NAS Vulnerability with New Security Updates

QNAP, a Taiwanese manufacturer of network-attached storage (NAS) devices, has issued urgent updates to address a critical security vulnerability that poses a significant risk of arbitrary code injection in its products. This vulnerability, identified as CVE-2022-27596, has received a CVSS score of 9.8 out of 10, indicating its severity. It…


New Supply Chain Vulnerabilities Discovered in AMI MegaRAC BMC Software

Two additional security vulnerabilities have been identified in AMI MegaRAC Baseboard Management Controller (BMC) software, just two months following the discovery of three similar flaws in the same system. Firmware security firm Eclypsium disclosed these new vulnerabilities, which were withheld previously to allow AMI time to implement necessary mitigations. The…


Researchers Discover New Vulnerabilities in Widely Used ImageMagick Image Processing Tool

ImageMagick Exposed: Two Critical Vulnerabilities Found

Cybersecurity experts have identified serious security flaws in the widely used open-source software ImageMagick, which could result in denial-of-service (DoS) attacks and unauthorized information disclosure. Discovered by the Latin American cybersecurity firm Metabase Q in version 7.1.0-49, these vulnerabilities were subsequently addressed in an…
