Security News

MITRE shares 2024's top 25 most dangerous software weaknesses

MITRE has shared this year's top 25 list of the most common and dangerous software weaknesses behind more than 31,000 vulnerabilities disclosed between June 2023 and June 2024. [...]
Bleepingcomputer 21 Nov 2024 924 Views

D-Link urges users to retire VPN routers impacted by unfixed RCE flaw

D-Link is warning customers to replace end-of-life VPN router models after a critical unauthenticated, remote code execution vulnerability was discovered that will not be fixed on these devices. [...]
Bleepingcomputer 20 Nov 2024 874 Views

Oracle warns of Agile PLM file disclosure flaw exploited in attacks

Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287, which was actively exploited as a zero-day to download files. [...]
Bleepingcomputer 20 Nov 2024 874 Views

Chinese hackers exploit Fortinet VPN zero-day to steal credentials

Chinese threat actors use a custom post-exploitation toolkit named 'DeepData' to exploit a zero-day vulnerability in Fortinet's FortiClient Windows VPN client to steal credentials. [...]
Bleepingcomputer 19 Nov 2024 1077 Views

Warning: VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation

Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS score...
The Hacker News 19 Nov 2024 3810 Views

Security plugin flaw in millions of WordPress sites gives admin access

A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions. [...]
Bleepingcomputer 17 Nov 2024 1127 Views

CISA warns of more Palo Alto Networks bugs exploited in attacks

CISA warned today that two more critical security vulnerabilities in Palo Alto Networks' Expedition migration tool are now actively exploited in attacks. [...]
Bleepingcomputer 15 Nov 2024 1080 Views

Microsoft Power Pages Leak Millions of Private Records

Less-experienced users of Microsoft's website building platform may not understand all the implications of the access controls in its low- or no-code environment.
Dark Reading 14 Nov 2024 1003 Views

FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023

The FBI, the NSA, and cybersecurity authorities of the Five Eyes intelligence alliance have released today a list of the top 15 routinely exploited vulnerabilities throughout last year.
Bleeping Computer 13 Nov 2024 1465 Views

Microsoft Exchange adds warning to emails abusing spoofing flaw

Microsoft has disclosed a high-severity Exchange Server vulnerability that allows attackers to forge legitimate senders on incoming emails and make malicious messages a lot more effective.
Bleeping Computer 13 Nov 2024 1431 Views