Microsoft SharePoint RCE bug exploited to breach corporate network
A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks. [...]
Stay informed on the latest in security disclosure practices. Keep your data safe with insights and updates on the newest disclosure trends in cybersecurity.
Search across headline titles and summaries.
Background for this topic.
Disclosure in information security means sharing details about vulnerabilities, breaches, or security incidents. This can be done privately with affected parties, coordinated to allow fixes before public release, or fully public, sometimes before patches exist. The method chosen affects how quickly risks are mitigated and how much attackers might exploit the information.
Proper disclosure helps organizations prioritize patching and reduces the window attackers have to exploit flaws. Poorly timed or incomplete disclosure can expose systems to increased risk, while transparent, coordinated disclosure supports effective vulnerability management and trust between researchers and defenders. Understanding disclosure practices is essential for assessing the urgency and reliability of security news.
A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks. [...]
Firm Supplies More Than 6,000 PharmaciesA ransomware attack on German pharmaceutical distributor AEP detected Monday has not led to medication shortages so far, report local media. AEP disclosed Wednesday that hackers successfully encrypted some of its IT systems. Pharmacies usually work with several wholesalers.
Cybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the U.K., and the U.S. since at least September 2024
Sophos disclosed today a series of reports dubbed "Pacific Rim" that detail how the cybersecurity company has been sparring with Chinese threat actors for over 5 years as they increasingly targeted networking devices worldwide, including those from Sophos. [...]
Volt Typhoon, APT31, APT41 Targeted Sophos Edge DevicesFirewall maker Sophos disclosed Thursday a half-decade worth of efforts by multiple nation-state Chinese hacking groups to infiltrate its appliances, calling the admission a wake-up call for the cybersecurity industry. Targeting firewall appliances is a known nation state tactic as hackers
A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated threat actor to elevate their privileges and perform malicious actions
Patch up: The Spring framework dominates the Java ecosystem If you're running an application built using the Spring development framework, now is a good time to check it's fully updated – a new, critical-severity vulnerability has just been disclosed.…
A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft
More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the latest AMD and Intel processors are still susceptible to speculative execution attacks
The FBI and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) have disclosed that Chinese hackers breached commercial telecommunication service providers in the United States. [...]