Hackers exploit Aiohttp bug to find vulnerable networks
The ransomware actor 'ShadowSyndicate' was observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aiohttp Python library. [...]
Vulnerabilities are flaws attackers can exploit to access systems or data; timely patching, isolation, and least privilege reduce the impact.
Search across headline titles and summaries.
Background for this topic.
A vulnerability is a weakness in a system’s design, code, configuration, or operating process that could allow an attacker to violate a security requirement. It may affect software, hardware, networks, cloud services, or exposed interfaces, and is not automatically exploitable: practical risk depends on factors such as exposure, required privileges, available attack paths, and existing controls. Outcomes can include unauthorized access, information disclosure, code execution, or disruption of service.
Effective vulnerability management combines accurate asset inventory with code review, security testing, scanning, and trusted vulnerability intelligence. Organizations should prioritize weaknesses affecting reachable, business-critical systems—especially when exploitation is known or requires little access—then patch or otherwise mitigate them and verify the fix. Where patching is delayed, controls such as disabling an exposed feature, restricting network access, or strengthening authentication can reduce the attack surface. Records should preserve affected versions, risk decisions, remediation owners, and validation results.
The ransomware actor 'ShadowSyndicate' was observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aiohttp Python library. [...]
A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution
Vulnerability data has stopped being added to the most widely used software vulnerability database for over a month, putting organizations at risk – and nobody knows why
Taiwanese Hardware Manufacturer Fixes Improper Authentication FlawQNAP Systems on Saturday released a patch for a critical bug that allows unauthorized access to devices without authentication. The issue affects its QTS, QuTS hero, and QuTScloud products and potentially exposes network-attached storage devices to unauthorized access.
Potential Zero-Click Account Takeover Exploit Is Among Identified VulnerabilitiesResearchers at security firm Salt Security have uncovered multiple vulnerabilities in third-party plug-ins used in ChatGPT, including a zero-click account takeover flaw that was triggered when users attempted to install the plug-in using their ChatGPT accounts.
On the internet, men are men, lonely single moms are men, and vulnerable PC users are federal agents A pair of tech support businesses accused of swindling marks out of their hard-earned cash have agreed to cough up a $26 million settlement following an undercover probe by the FTC.…
Attackers use Google redirects in their phishing attack leveraging a now-patched vulnerability that spreads the multifaceted malware.
Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances
Fortinet has released security updates to fix several critical vulnerabilities in its products
Misconfigurations, insecure services leave United Arab Emirates organizations and critical infrastructure vulnerable to bevy of cyber threats.
Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems
A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. [...]
A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. [...]
Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that can allow attackers to gain remote code execution (RCE) on vulnerable servers. [...]
A $2M drop from previous year. So … things are more secure? Google awarded $10 million to 632 bug hunters last year through its vulnerability reward programs.…
Attackers can remotely execute code with system privileges by exploiting a vulnerability in the source code of the open source container management system.
The vulnerabilities found in ChatGPT plugins — since remediated — heighten the risk of proprietary information being stolen and the threat of account takeover attacks.
Identities are the latest sweet spot for cybercriminals, now heavily targeting SaaS applications that are especially vulnerable in this attack vector. The use of SaaS applications involves a wide range of identities, including human and non-human, such as service accounts, API keys, and OAuth authorizations. Consequently, any identity in a SaaS app can create an opening for cybercriminals to
No zero-day vulnerabilities to fix in this month’s Microsoft Patch Tuesday