Recent findings have uncovered multiple security vulnerabilities within the open-source Netgate pfSense firewall solution. These vulnerabilities could potentially be combined by an attacker, allowing them to execute arbitrary commands on affected devices. The identified issues involve two reflected cross-site scripting (XSS) issues alongside a command injection vulnerability, as reported by…
Recent findings have revealed two security vulnerabilities in Microsoft Windows that have since been patched but could have been exploited by attackers to carry out remote code execution (RCE) on Outlook email clients without any user intervention. This information was disclosed by Akamai researcher Ben Barnea, who discovered the flaws…
Google has issued critical security updates for its Chrome web browser following the identification of a severe zero-day vulnerability. This flaw, labeled as CVE-2023-7024, has already been exploited in active attacks, prompting urgent measures from the tech giant. Described as a heap-based buffer overflow error within the WebRTC framework, this…
Recent cybersecurity threats have revealed that attackers are exploiting an aging vulnerability in Microsoft Office as a tactic within phishing campaigns. This method is being employed to disseminate a malware variant known as Agent Tesla. The infection vector often involves decoy Excel files, which are typically embedded in messages that…
The threat actor identified as UAC-0099 has intensified its campaign targeting Ukraine, utilizing a critical vulnerability in the WinRAR software to distribute the malware variant known as LONEPAGE. This method highlights a significant shift in tactics, emphasizing the exploitation of existing software vulnerabilities to facilitate attacks. According to cybersecurity firm…
New Phishing Campaign Deploys Nim-Based Malware via Microsoft Word Documents A recently uncovered phishing campaign is exploiting Microsoft Word documents as bait to deliver backdoor malware written in the Nim programming language. This development poses significant challenges for cybersecurity experts, as malware created in less common languages can hinder research…
Barracuda Networks disclosed a serious cybersecurity incident involving a zero-day vulnerability within its Email Security Gateway (ESG) appliances, allegedly exploited by Chinese threat actors. This vulnerability has been designated as CVE-2023-7102 and has led to the deployment of backdoors on a select number of affected devices. The vulnerability involves an…
Zero-Day Vulnerability Discovered in Apache OfBiz ERP System A serious zero-day vulnerability has been identified in Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. This flaw poses significant risks as it could potentially allow attackers to bypass essential authentication safeguards. The vulnerability is classified as CVE-2023-51467, linked specifically to…
Recent research from Ruhr University Bochum has revealed a critical security vulnerability in the Secure Shell (SSH) protocol, which is widely used for secure communications over untrusted networks. The vulnerability, designated as Terrapin (CVE-2023-48795), exhibits a CVSS score of 5.9, signaling its potential significance in the cybersecurity landscape. This vulnerability…
