Category vulnerabilities

MITRE Reveals 2023’s Top 25 Most Critical Software Vulnerabilities: Are You Protected?

In a significant report released for 2023, MITRE has unveiled its annual assessment of the Top 25 “most dangerous software weaknesses.” This list is crucial for understanding the vulnerabilities that pose the greatest risk to software systems and applications. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) emphasized the dangers…


Researchers Discover New Privilege Escalation Vulnerability ‘StackRot’ in the Linux Kernel

A newly discovered security vulnerability in the Linux kernel, referred to as StackRot (CVE-2023-3269, CVSS score: 7.8), presents a potential avenue for privilege escalation on affected systems. This vulnerability impacts Linux kernel versions 6.1 through 6.4 and has no known instances of exploitation in real-world scenarios thus far. The StackRot…


Cybersecurity Agencies Warn of Increased TrueBot Malware Attacks

Recent alerts from cybersecurity agencies have highlighted a surge in variants of TrueBot malware, which are now actively targeting businesses in the United States and Canada. This sophisticated malware aims to infiltrate networks and extract sensitive information from compromised systems, posing a significant data breach risk. TrueBot exploits a critical…


Mastodon Social Network Addresses Critical Vulnerabilities That Enable Server Takeover

Mastodon, a well-established decentralized social network, has announced the release of a significant security patch aimed at addressing vulnerabilities that could endanger millions of its users. This decentralized platform comprises over 20,000 independent servers, known as “instances,” and boasts a user base exceeding 14 million individuals. The most pressing vulnerability…


New Vulnerability Found: Unauthenticated SQL Injection Flaw in MOVEit Transfer Software

Progress Software has announced the identification and resolution of a critical SQL injection vulnerability within MOVEit Transfer, software widely utilized for secure file transfers. Alongside this, the company has addressed two additional high-severity vulnerabilities that also pose significant security risks. The SQL injection vulnerability, designated as CVE-2023-36934, could enable unauthenticated…


Microsoft Addresses 132 Vulnerabilities with Patches, 6 of which are Currently Under Active Attack

On Tuesday, Microsoft announced the release of significant software updates addressing a total of 132 security vulnerabilities, among which are six zero-day flaws that have been actively exploited by cybercriminals. This update reflects a substantial effort to fortify their software against ongoing threats, underlining the vulnerabilities present across multiple platforms.…


Zimbra Alerts Users to Urgent Zero-Day Vulnerability in Email Software Following Ongoing Exploits

Zimbra has issued a warning regarding a critical zero-day vulnerability affecting its email software, which has reportedly been exploited in active attacks. This security flaw is present in the Zimbra Collaboration Suite Version 8.8.15 and poses significant threats to the confidentiality and integrity of user data. In an advisory, the…
