1692 search results for "zero, trust"

Two critical vulnerabilities have been discovered in D-Link DIR-X4860 routers which were associated with Authentication bypass due to HNAP port and remote code execution. Moreover, exploiting these vulnerabilities together could lead to a complete compromise of the vulnerable device. However,…

Read more →

Hackers exploit the Windows zero-day vulnerabilities, as they offer great advantages. This means that no patches or defenses exist for zero-day vulnerabilities as software vendors are unaware of them, consequently, hackers have a certain period to start their attacks before…

Read more →

Google has issued an urgent security update for its Chrome browser after discovering a zero-day vulnerability that is currently being exploited by attackers. The vulnerability, tracked as CVE-2024-4761, affects the V8 JavaScript engine and could potentially allow attackers to execute arbitrary code on the user’s computer. Google has responded quickly with a patch, urging all users to update their browsers immediately to…

Read more →

A zero-day vulnerability in Microsoft Edge, which has been tagged as CVE-2024-4671, has been aggressively exploited by evil organizations, according to reports. This security flaw originates from the Chromium engine that underpins the browser. Chromium is also the foundation for…

Read more →

Google has urgently updated its Chrome browser across all platforms after a critical vulnerability, identified as CVE-2024-4671, was found being actively exploited. Users are strongly advised to update their browsers immediately to prevent potential security breaches. CVE-2024-4671: Details and Impact…

Read more →

Google released a critical security update for its Chrome web browser to address attackers exploiting a high-severity vulnerability. The update brings Chrome to version 124.0.6367.201 for Windows, Mac, and Linux users on the Stable release channel. The vulnerability, tracked as…

Read more →

Hackers often target CrushFTP servers as they contain sensitive data and are used for file sharing and storage. This makes them attractive targets for data theft and ransomware attacks for the threat actors.  Besides this, the vulnerabilities in CrushFTP servers…

Read more →

A new cybersecurity threat has emerged as a zero-click remote code execution (RCE) exploit targeting Apple’s iMessage service is reportedly being circulated on various hacker forums. This exploit, which allows hackers to take control of an iPhone without any interaction…

Read more →

Security researchers at Cisco Talos have uncovered a sophisticated cyber espionage campaign dubbed “ArcaneDoor” conducted by a state-sponsored threat actor tracked as UAT4356 (STORM-1849). This campaign targeted government networks globally by exploiting multiple zero-day vulnerabilities in Cisco’s Adaptive Security Appliance…

Read more →

A zero-day exploit targeting the popular messaging app WhatsApp has been advertised on underground hacker forums. The exploit has raised serious concerns regarding the safety of users on Android and iOS platforms. This exploit is reported to have the potential…

Read more →

CrushFTP is a file transfer server that supports secure protocols, offers easier configuration, and offers powerful monitoring tools. It also provides a web interface that allows users to transfer files using a web browser.  A critical vulnerability associated with FileSystem…

Read more →

A new zero-day Local Privilege Escalation (LPE) exploit has been put up for sale on a notorious hacker forum. This exploit, which has not yet been assigned a Common Vulnerabilities and Exposures (CVE) reference, is said to be capable of…

Read more →

Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified as CVE-2024-3400. This zero-day flaw, found in the GlobalProtect Gateway, is currently under active exploitation by attackers. CVE-2024-3400 allows attackers to execute arbitrary OS commands on…

Read more →

The Palo Alto Networks PAN-OS software has a critical command injection vulnerability that allows an unauthorized attacker to run arbitrary code on the firewall with root access.  The vulnerability is identified as CVE-2024-3400, with a CVSS score of 10.0. Operation MidnightEclipse…

Read more →

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its GlobalProtect Gateway, identified as CVE-2024-3400. This flaw, rooted in the PAN-OS operating system, has already been exploited in a limited number of attacks, raising alarms across…

Read more →

On April Patch Tuesday, Microsoft fixed 149 bugs—one of the biggest security update releases in the company’s history.  Many of its software products, such as Microsoft Office and its SQL Server database package, have fixed vulnerabilities. The majority of vulnerabilities…

Read more →

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including two zero-day exploits showcased at the prestigious Pwn2Own 2024 hacking competition. The update, which affects Chrome users on Windows, Mac, and Linux, elevates the browser version…

Read more →

Two new zero-day vulnerabilities have been discovered in Ivanti Connect Secure and Ivanti Policy Secure products that are assigned with CVE-2024-21888 and CVE-2024-21893. Additionally, one of the vulnerabilities (CVE-2024-21893) has been reported to be exploited by threat actors in the…

Read more →