Category vulnerabilities

Urgent Notice: WordPress Admins Advised to Uninstall miniOrange Plugins Due to Serious Vulnerability

In a significant development for WordPress users, a critical security vulnerability has been identified in miniOrange’s Malware Scanner and Web Application Firewall plugins, prompting an urgent recommendation for website owners to uninstall these tools. The detected flaw, designated as CVE-2024-2172, scores a staggering 9.8 on the CVSS scale, representing a…

Read MoreUrgent Notice: WordPress Admins Advised to Uninstall miniOrange Plugins Due to Serious Vulnerability

Fortra Addresses Critical RCE Vulnerability in FileCatalyst Transfer Tool

Critical Security Flaw Discovered in Fortra FileCatalyst Exposes Servers to Remote Code Execution Fortra has disclosed a significant security vulnerability affecting its FileCatalyst file transfer solution, which could enable unauthenticated attackers to execute malicious code on vulnerable servers. This vulnerability, assigned the identifier CVE-2024-25153, has received a high severity rating…

Read MoreFortra Addresses Critical RCE Vulnerability in FileCatalyst Transfer Tool

APIs Fuel Most Internet Traffic—And Cybercriminals are Exploiting This Vulnerability

Application Programming Interfaces (APIs) serve a crucial role in digital transformation by facilitating data exchange between applications and databases. According to the recent State of API Security in 2024 Report published by Imperva, a Thales company, API calls accounted for a staggering 71% of internet traffic in 2023. Enterprises witnessed…

Read MoreAPIs Fuel Most Internet Traffic—And Cybercriminals are Exploiting This Vulnerability

Atlassian Addresses Over 24 Vulnerabilities, Highlighting Critical Bug in Bamboo

Atlassian Issues Critical Patches for Vulnerability in Bamboo Data Center and Server Atlassian has announced the release of security patches addressing over two dozen vulnerabilities, with a significant focus on a critical flaw affecting its Bamboo Data Center and Server products. This vulnerability, tracked as CVE-2024-1597, has been assigned a…

Read MoreAtlassian Addresses Over 24 Vulnerabilities, Highlighting Critical Bug in Bamboo

Ivanti Issues Emergency Patch for Critical Sentry RCE Vulnerability

Ivanti has recently revealed a critical remote code execution vulnerability affecting its Standalone Sentry product, emphasizing the urgency for clients to implement the necessary patches to mitigate potential cybersecurity threats. This vulnerability, identified as CVE-2023-41724, has been scored with a CVSS rating of 9.6, indicating its severity. The flaw allows…

Read MoreIvanti Issues Emergency Patch for Critical Sentry RCE Vulnerability

AndroxGh0st Malware Aims at Laravel Applications to Harvest Cloud Credentials

Cybersecurity experts have unveiled details about a malicious tool known as AndroxGh0st, which has been specifically designed to target Laravel applications in order to extract sensitive information. According to Kashinath T. Pattan, a researcher with Juniper Threat Labs, this tool operates by scanning for critical data within .env files, which…

Read MoreAndroxGh0st Malware Aims at Laravel Applications to Harvest Cloud Credentials

Major Sign1 Campaign Compromises Over 39,000 WordPress Sites with Scam Redirects

Significant Malware Campaign Targets WordPress Sites A recent and extensive malware campaign known as Sign1 has compromised over 39,000 WordPress sites over the past six months. The malware employs malicious JavaScript injections, maneuvering to redirect users to fraudulent websites. Notably, within the last two months, this campaign has infected an…

Read MoreMajor Sign1 Campaign Compromises Over 39,000 WordPress Sites with Scam Redirects

China-Linked Group Exploits ConnectWise and F5 Software Vulnerabilities to Breach Networks

A threat group linked to China has exploited vulnerabilities in Connectwise ScreenConnect and F5 BIG-IP software, deploying customized malware capable of installing additional backdoors on compromised Linux systems. This aggressive campaign is under surveillance by Mandiant, a Google subsidiary, which refers to the activity by the identifier UNC5174, also known…

Read MoreChina-Linked Group Exploits ConnectWise and F5 Software Vulnerabilities to Breach Networks