A vulnerability has been identified in GitLab CE/EE, impacting all versions from 16.0 to 16.5.8, 16.6 to 16.6.6, 16.7 to 16.7.4, and 16.8 to 16.8.1. This flaw enables authenticated users to write files to any location on the GitLab server…
A newly disclosed security vulnerability in the GNU C library (glibc) has raised significant concerns within the cybersecurity community. Tracked as CVE-2023-6246, this heap-based buffer overflow flaw has the potential to allow malicious local attackers to obtain full root access…
In a recent discovery by Fortinet FortiGuard Labs, a new iteration of the Phobos ransomware family, known as Faust, has been detected in the wild. More particularly, the researchers came across an Office document housing a VBA script designed to…
The U.S. National Security Agency (NSA) has confirmed its practice of buying internet browsing records from data brokers, raising concerns about potential privacy violations. According to U.S. Senator Ron Wyden, the NSA’s admission came as part of efforts to identify…
Cisco has recently issued patches to rectify a critical security vulnerability affecting Unified Communications and Contact Center Solutions products, presenting a potential risk of arbitrary code execution by an unauthenticated, remote attacker. Vulnerability Details (CVE-2024-20253) The flaw, tracked as CVE-2024-20253…
A new Go-based malware loader named CherryLoader has surfaced in the wild, posing a significant threat by delivering additional payloads onto compromised hosts for subsequent exploitation. CherryLoader Malware Loader in Detail CherryLoader operates deceptively, disguising itself as the legitimate CherryTree…
Cybersecurity experts from Kaspersky have uncovered a sophisticated method employed by hackers to deliver information-stealing malware to macOS users. This insidious campaign employs a stealthy approach, utilizing DNS records to conceal malicious scripts and target users of macOS Ventura and…
Malicious actors swiftly seized upon a recently exposed critical security vulnerability affecting Atlassian Confluence Data Center and Confluence Server, launching active exploitation campaigns within a mere three days of its public disclosure. Threat Actors Weaponizing CVE-2023-22527 Identified as CVE-2023-22527 with…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical flaw in Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core, adding it to the Known Exploited Vulnerabilities catalog. CVE-2023-35081: Disclosure and Overview The vulnerability, identified as CVE-2023-35082 with…
Continuous integration and continuous delivery (CI/CD) misconfigurations discovered within the widely-used TensorFlow machine learning framework raise concerns about potential supply chain attacks. TensorFlow Vulnerabilities and the Risk of Supply Chain Attacks Praetorian researchers Adnan Khan and John Stawinski highlighted vulnerabilities…
A concerning trend has emerged on the macOS platform. Multiple information stealers have showcased a remarkable ability to outsmart detection, even in the face of frequent monitoring and reporting by security companies. XProtect, macOS’s built-in anti-malware system, is designed to…
Guardio Labs’ research team has recently unearthed a critical zero-day vulnerability in the widely used Opera web browser family. This vulnerability, codenamed MyFlaw, poses a significant threat as it enables attackers to execute malicious files on both Windows and MacOS…
Romanian cybersecurity firm Bitdefender has unveiled multiple security vulnerabilities in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners. If successfully exploited, these vulnerabilities could empower attackers to execute arbitrary code on the affected systems, raising concerns about the potential compromise…
GitLab has released crucial security updates for both its Community and Enterprise Editions to counteract two critical vulnerabilities. One of these vulnerabilities has the potential for account hijacking with no user interaction, posing a significant threat to organizations relying on…
Cisco has recently addressed a critical security flaw in its Unity Connection. Unity Connection is a fully virtualized messaging and voicemail solution designed for various platforms, including email inboxes, web browsers, Cisco Jabber, Cisco Unified IP Phone, smartphones, and tablets.…
Apache OFBiz, an open-source Enterprise Resource Planning (ERP) system, has fallen prey to a newly unearthed zero-day security vulnerability. This flaw, identified as CVE-2023-51467, resides within the login functionality of the system, creating a potential avenue for threat actors to…
The U.S. Justice Department (DoJ) has officially dismantled the notorious BlackCat ransomware operation, presenting a decryption tool to over 500 victims to recover their files encrypted by the malicious software. Court documents reveal that the U.S. Federal Bureau of Investigation…
Microsoft’s December 2023 Patch Tuesday: Wrapping Up the Year Microsoft bids farewell to 2023 with its final Patch Tuesday updates, addressing 33 flaws in its software. Remarkably, this release marks one of the lighter ones in recent years, featuring four…
Apple rolled out a comprehensive set of security updates on Monday, including the critical CVE-2023-45866, addressing severe vulnerabilities across multiple platforms. The updates cover iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser, with a focus on fixing security…
Cybersecurity expert Patrick Wardle recently conducted a comprehensive analysis of a newly discovered macOS ransomware named Turtle. What sets Turtle apart is its cross-platform adaptability, with versions tailored for both Windows and Linux systems. This cross-platform nature hints at a…
