Bug hunter tracks down three massive MCP flaws and one vendor won't fix theirs
Apache, Alibaba databases vulnerable and only one has a patch
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Apache, Alibaba databases vulnerable and only one has a patch
Bug hiding in plain sight for over a decade lands on KEV list CISA is sounding the alarm on a newly-exploited Apache ActiveMQ bug, ordering federal agencies to patch within two weeks as attackers circle a flaw that's been quietly lurking for more than a decade.…
CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this month after going undetected for 13 years. [...]
The Apache Software Foundation's earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE.
A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack
Intruders hoped no one would notice their presence Criminals exploiting a critical vulnerability in open source Apache ActiveMQ middleware are fixing the flaw that allowed them access, after establishing persistence on Linux servers.…
An attacker is breaking into Linux systems via a widely abused 2-year-old vulnerability in Apache ActiveMQ, installing malware and then patching the flaw.
Cybersecurity researchers have detailed a now-patched vulnerability in Google Cloud Platform (GCP) that could have enabled an attacker to elevate their privileges in the Cloud Composer workflow orchestration service that's based on Apache Airflow
Also: Patch Tuesday, Equalize Scandal Figure Dies and Polymorphic Extension AttackThis week, Ivanti EPM customers should patch, Patch Tuesday, fake extensions mimic legitimate add-ons, a key figure in Italy's Equalize scandal dead of heart attack, and convincing fake browser extensions. Also, Apache Camel flaw, OpenAI's agent automates phishing and Apple patched another zero day.
The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions
Also, US Court Rules NSO Group Violated Hacking Laws With Pegasus SpywareThis week, cyberattack disrupts Japan Airlines, U.S. court rules NSO Group violated hacking laws, the European Space Agency’s web store hacked, FTC orders Marriott to overhaul data security, Sophos patches critical firewall flaws and Apache fixes critical SQL injection in Traffic Control.
The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in the database
Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution
You applied the patch that could stop possible RCE attacks last week, right? A critical security hole in Apache Struts 2, patched last week, is now being exploited using publicly available proof-of-concept (PoC) code.…
A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices. [...]
More details released after devs allowed weeks to apply fixes We now know the remote code execution vulnerability in Apache Struts 2 disclosed back in November carries a near-maximum severity rating following the publication of the CVE.…
Healthcare Sector Heavily Relies on Open-Source Web Server; Older Flaws Pose RiskFederal authorities are alerting healthcare entities of vulnerabilities - including older flaws - that put Apache Tomcat at risk for attacks if left unmitigated. The open-source web server is heavily used in healthcare for hosting electronic health record and other systems and applications.
Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to remote code execution attacks
Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that could be potentially exploited by a malicious actor to hijack victims' sessions and achieve remote code execution on underlying instances
Cybersecurity researchers are warning of a "notable increase" in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts