Critical 'MongoBleed' Bug Under Active Attack, Patch Now
A memory leak security vulnerability allows unauthenticated attackers to extract passwords and tokens from MongoDB servers.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A memory leak security vulnerability allows unauthenticated attackers to extract passwords and tokens from MongoDB servers.
Psst, wanna steal someone's biometrics? black hat Critical security flaws in Broadcom chips used in more than 100 models of Dell computers could allow attackers to take over tens of millions of users' devices, steal passwords, and access sensitive data, including fingerprint information, according to Cisco Talos.…
Fortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. [...]
Actively Targeted Zero Day Patched; Warning Issued After Device Configurations LeakFortinet has released patches to fix a zero-day vulnerability being actively exploited by attackers. Separately, researchers are warning customers to review their infrastructure after attackers leaked configuration details - including firewall rules and plaintext VPN passwords - for 15,000 devices.
Cybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) product has been exploited in the wild
A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when opening a specially crafted file
A vulnerability in the file server and collaboration platform earned a 10 in severity on the CVSS, allowing access to admin passwords, mail server credentials, and license keys.
Hackers are exploiting a critical ownCloud vulnerability tracked as CVE-2023-49103 that exposes admin passwords, mail server credentials, and license keys in containerized deployments. [...]
A proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated attackers to access files on the server, execute code, and obtain plain-text passwords. [...]
Researchers have delivered working exploits for RouterOS, which when combined with default admin passwords can be a recipe for cyber disaster.
Zen 2 flaw more simple than Spectre, exploit code already out there – get patching when you can AMD has started issuing some patches for its processors affected by a serious silicon-level bug dubbed Zenbleed that can be exploited by rogue users and malware to steal passwords, cryptographic keys, and other secrets from software running on a vulnerable system.…