ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories
The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere
Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution (RCE)
Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that could be chained to compromise and take over cloud infrastructures
A 13-year-old flaw with a CVSS score of 10 in the popular data storage service allows for full host takeover, and more than 300k instances are currently exposed.
The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, enables unauthenticated remote code execution on affected systems, which cyberattackers are using to plant malware.
Researchers Find Exploitable Flaws in the OvrC PlatformSecurity flaws in a cloud platform for remotely configuring and monitoring Internet of Things gadgets could expose millions of devices to remote code execution hacks. Security researchers at Claroty's Team82 uncovered 10 vulnerabilities in the widely used OvrC cloud platform.
The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying the Mozi botnet malware
The critical bug, CVE-2024-8963, can be used in conjunction with the prior known flaw to achieve remote code execution (RCE).
Attackers Could Exploit Flaw to Run Malicious Code on Google' s, Customers' ServersGoogle patched a critical remote execution vulnerability in its cloud platform Cloud Composer service, "CloudImposer," which could have allowed attackers to compromise millions of servers, say researchers from Tenable. The CloudImposer vulnerability could lead to the Jenga Tower effect.
A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack technique called dependency confusion
Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild
Novel attack vectors leverage the CVE-2023-22527 RCE flaw discovered in January, which is still under active attack, to turn targeted cloud environments into cryptomining networks.
Cybersecurity researchers have detailed a now-patched security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution
VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code execution
Specially crafted network packet could allow remote code execution and access to VM fleets VMware by Broadcom has revealed a pair of critical-rated flaws in vCenter Server – the tool used to manage virtual machines and hosts in its flagship Cloud Foundation and vSphere suites.…
A newly discovered flaw in open source utility Fluent Bit could enable widespread DoS, RCE and information leakage
A critical Fluent Bit vulnerability that can be exploited in denial-of-service and remote code execution attacks impacts all major cloud providers and many technology giants. [...]
The vulnerability would have allowed an unauthenticated attacker to execute code on a container hosted on one of the platform's nodes.
CISA has added a critical severity vulnerability in VMware's Cloud Foundation to its catalog of security flaws exploited in the wild. [...]
Red Hat has issued patches for a bug in an open source Java virtual machine software that opens the door to drive-by localhost attacks. Patch now, as it's easy for cyberattackers to exploit.