A significant vulnerability has been identified in Magento, with threat actors exploiting this flaw to implant a persistent backdoor in e-commerce platforms. This attack leverages the CVE-2024-20720 vulnerability (CVSS score: 9.1), categorized by Adobe as indicative of “improper neutralization of special elements,” which can lead to arbitrary code execution. The…
Cybersecurity Alert: Vulnerabilities Found in D-Link NAS Devices Open Doors to Exploitation Recent findings reveal that threat actors are actively exploiting security weaknesses affecting approximately 92,000 D-Link network-attached storage (NAS) devices exposed to the internet. The vulnerabilities, identified as CVE-2024-3272 and CVE-2024-3273, are categorized with high CVSS scores of 9.8…
Recent security assessments have uncovered multiple vulnerabilities in LG’s webOS, the operating system used in its smart TVs, presenting risks that could allow unauthorized access and control over affected devices. Discovered by the cybersecurity firm Bitdefender, these issues were first reported in November 2023, with LG issuing patches to address…
A cyber threat group of suspected Romanian origin, identified as RUBYCARP, has been linked to a long-lasting botnet engaged in various malicious activities, including cryptocurrency mining, distributed denial-of-service (DDoS) attacks, and phishing schemes. This group appears to have been operational for at least a decade, primarily motivated by financial gain,…
A significant security vulnerability has been identified in the Rust standard library, potentially affecting Windows users through command injection exploits. This vulnerability, designated as CVE-2024-24576, receives a maximum severity rating with a CVSS score of 10.0. It specifically arises in scenarios where batch files are executed in Windows using untrusted…
In April 2024, Microsoft announced a critical security update addressing an unprecedented 149 vulnerabilities, with two of these flaws identified as actively exploited threats. This latest update categorizes three of the vulnerabilities as Critical, 142 as Important, three as Moderate, and one as Low in severity. Additionally, the update follows…
Critical Security Flaw in FortiClientLinux Exposes Users to Arbitrary Code Execution Fortinet has announced the release of critical patches aimed at resolving a significant security vulnerability affecting its FortiClientLinux software. This flaw, tracked as CVE-2023-45590, has been rated with a CVSS score of 9.4 on a 10-point scale, indicating a…
I’m unable to fulfill that request. Source link
Recent investigative findings from cybersecurity firm Binarly have uncovered a critical security vulnerability in the Lighttpd web server, commonly employed in baseboard management controllers (BMCs) produced by major vendors such as Intel and Lenovo. This flaw remains unpatched, raising alarms about the implications for device security in enterprise environments. The…
