The zero-day flaw tracked as CVE-2024-49039 is a bug in the Windows Task Scheduler that allows an attacker to increase their privileges on a Windows machine. Narang notes that CVE-2024-43451 is the third NTLM zero-day so far this year. Microsoft credits Google’s Threat Analysis Group with reporting the flaw. 10 is the worst).
Continuing our look back at 2024, part two of Last Watchdog's year-ender roundtable turns its focus to emerging threats vs. evolving defense tactics. Jim Alkove, CEO, Oleria: Identity is cybersecurity's biggest challenge. The drivers are intensifying. Attackers aren't hacking in; they're logging in.
A high-severity vulnerability (CVE-2024-11477) has been discovered in the popular file archiver 7-Zip, potentially allowing attackers to execute malicious code on vulnerable systems. The flaw, identified by Nicholas Zubrisky of... The post CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now!
Fortinet has issued a security advisory for its FortiManager platform, addressing a critical vulnerability—CVE-2024-47575—which has been actively exploited in the wild. arises from a... The post Fortinet Warns of Actively Exploited Flaw in FortiManager: CVE-2024-47575 (CVSS 9.8) appeared first on Cybersecurity News.
We’ve recently looked back at what happened within cybersecurity in 2023. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
The vulnerability, tracked as CVE-2024-30090 and assigned a CVSS score of 7.0, could... The post Microsoft Windows Flaw: CVE-2024-30090 PoC Exploit Published, Posing SYSTEM Privilege Threat appeared first on Cybersecurity News.
One of the vulnerabilities could allow... The post RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677 appeared first on Cybersecurity News.
A critical use-after-free vulnerability, identified as CVE-2024-38193, has been discovered in the afd.sys Windows driver. poses a significant threat to Windows systems,... The post Windows Zero-Day Vulnerability CVE-2024-38193 Exploited in the Wild: PoC Published appeared first on Cybersecurity News.
The update, rolling out progressively to Windows, Mac, and Linux... The post Google Chrome Patches High-Severity Vulnerabilities – CVE-2024-12381 & CVE-2024-12382 appeared first on Cybersecurity News.
A critical security vulnerability, CVE-2024-52301, has been identified in the Laravel framework, a popular web application framework known for its elegant syntax and comprehensive toolset for building robust applications.
ServiceNow, a leading cloud-based enterprise platform, has recently addressed two significant vulnerabilities, CVE-2024-8923 and CVE-2024-8924, which posed serious risks to organizations using its Now Platform.
The Apache Software Foundation recently released a critical security update to address a remote code execution (RCE) vulnerability in Apache Tomcat, identified as CVE-2024-56337.
In a thrilling showdown at the recent Pwn2Own Ireland 2024 hacking competition, white hat hackers YingMuo (@YingMuo), in collaboration with the DEVCORE Internship Program, successfully exploited a critical zero-day vulnerability... The post CVE-2024-50387: Critical QNAP Flaw Exploited in Hacking Contest, Patch Now!
The “FortiJump” flaw (CVE-2024-47575) has been exploited in zero-day attacks since June 2024, impacting over 50 servers, says Mandiant. A new report published by Mandiant states that the recently disclosed Fortinet FortiManager flaw “FortiJump” CVE-2024-47575 (CVSS v4 score: 9.8) This week the U.S.
Jeffrey Bowie, CEO of the cybersecurity firm Veritaco, is facing two counts of violating Oklahoma’s Computer Crimes Act for allegedly infecting employee computers at the Oklahoma City St. Anthony Hospital. The man is accused of having installed the malware on the hospital computers on August 6, 2024.
Veeam recently disclosed a new security vulnerability, tracked as CVE-2024-40715, that impacts Veeam Backup Enterprise Manager. this flaw is classified as a high-severity vulnerability,... The post CVE-2024-40715: Authentication Bypass Threat in Veeam Backup Enterprise Manager appeared first on Cybersecurity News.
A security researcher published a proof-of-concept (PoC) exploit for CVE-2024-21182, a critical vulnerability in Oracle WebLogic Server. Rated at CVSS 7.5,
A newly discovered security vulnerability, CVE-2024-47295, affecting multiple SEIKO EPSON products, could allow attackers to take control of devices with administrative privileges.
A critical vulnerability (CVE-2024-49369) has been discovered in Icinga 2, a... The post CVE-2024-49369 (CVSS 9.8): Critical Flaw in Icinga 2 Allows for Impersonation and RCE appeared first on Cybersecurity News.
The vulnerability, identified as... The post Palo Alto Networks Warns of GlobalProtect App Flaw with Public Exploit Code (CVE-2024-5921) appeared first on Cybersecurity News.
5, 2024, CyberNewswire — One Identity proudly announces it has been named a winner in the Hot Company: Privileged Access Management (PAM) category in the 12th annual Cyber Defense Awards by Cyber Defense Magazine (CDM), the industry's leading information security magazine. Aliso Viejo, Calif.,
In a recent analysis, cybersecurity researchers Hichem Maloufi and Christian Mina detailed CVE-2024-44258, a symlink vulnerability affecting Apple’s ManagedConfiguration framework and the profiled daemon.
A newly disclosed vulnerability in Apple's proprietary libAppleArchive library, tracked as CVE-2024-27876, enables attackers to achieve arbitrary file The post CVE-2024-2787: Apple Archive Flaw Enables Arbitrary File Write and Gatekeeper Bypass, PoC Releases appeared first on Daily CyberSecurity.
Tracked as CVE-2024-9511 and assigned a CVSS v3.1 score of 9.8, the... The post CVE-2024-9511 (CVSS 9.8): Critical Flaw in FluentSMTP Plugin Exposes Over 300,000 WordPress Sites to Potential Takeover appeared first on Cybersecurity News.
Discovered by security researcher Rein Daelman, the flaw (CVE-2024-8856)... The post CVE-2024-8856: WP Time Capsule Plugin Vulnerability Exposes 20,000+ Sites to TakeOver appeared first on Cybersecurity News.
Threat actors exploit PHP flaw CVE-2024-4577 for remote code execution. Over 1,000 attacks detected globally. GreyNoise researchers warn of a large-scale exploitation of a critical vulnerability, tracked as CVE-2024-4577 (CVSS 9.8), in PHP. The flaw CVE-2024-4577 (CVSS score: 9.8) is a PHP-CGI OS Command Injection Vulnerability.
Designated as CVE-2024-44131, this flaw enables malicious applications to bypass user consent mechanisms and... The post Researcher Details CVE-2024-44131 – A Critical TCC Bypass in macOS and iOS appeared first on Cybersecurity News.
A critical security vulnerability (CVE-2024-52308) in the GitHub Command Line Interface (CLI) has been identified, potentially enabling remote code execution (RCE) on users’ workstations.
In a significant discovery by Microsoft Threat Intelligence, a vulnerability in macOS, identified as CVE-2024-44133, has been found to bypass Apple’s Transparency, Consent, and Control (TCC) technology.
As they do, they create more security vulnerabilities and inherent business, changing the nature of cybersecurity careers. million in 2024 — 10% more than the previous year and the highest average ever. with cybersecurity employment growing almost three times, or 267% the national growth rate. According to research by IBM Corp.
Treasury Department sanctioned Chinese cybersecurity firm Integrity Tech for its involvement in attacks attributed to the Flax Typhoon group. Treasury sanctioned a Chinese cybersecurity firm, Integrity Tech, for links to cyberattacks by China's state-backed Flax Typhoon APT group (also called Ethereal Panda or RedJuliett).
Tracked as CVE-2024-55661, this vulnerability could allow authenticated... The post CVE-2024-55661: RCE Vulnerability Discovered in Laravel Pulse Monitoring Tool appeared first on Cybersecurity News.
CEOs worldwide are no longer treating cybersecurity as simply a defensive measure. According to a new survey by Gartner, a staggering 85% of top executives believe strong cybersecurity is critical for their company's expansion. However, as AI adoption grows, so does the need for stronger cybersecurity.
Identified as CVE-2024-20418,... The post CVE-2024-20418 (CVSS 10): Cisco URWB Access Points Vulnerable to Remote Takeover appeared first on Cybersecurity News.
According to a Netskope report, phishing attacks surged in 2024, with enterprise employees clicking on phishing links at a rate nearly three times higher than in 2023. The post Phishing Threats, GenAI Among Top Cybersecurity Risks in 2025 appeared first on Security Boulevard. The study found phishing campaigns have evolved.
The CrowdStrike incident in 2024 was a stark reminder of how it could bring major day-to-day activities to a halt. This article explores how boards can effectively prepare, respond, and lead during cybersecurity incidents, turning a potential disaster into a managed crisis.
Security researchers from TrustedSec have uncovered a critical zero-day vulnerability, CVE-2024-49019, affecting Active Directory Certificate Services (AD CS).
This vulnerability, tracked as CVE-2024-9488 and assigned a CVSSv3 score... The post CVE-2024-9488 (CVSS 9.8): Authentication Bypass Flaw in wpDiscuz Plugin, Over 80,000 Sites at Risk appeared first on Cybersecurity News.
As we begin the New Year, it offers a chance for reflection on 2024 and to consider what we can do as security professionals and business leaders in 2025 that will keep us relevant and in the best position to counter cyber threats going forward. This will require expertise in cryptography, IT infrastructure and cybersecurity.
Environmental Protection Agency (EPA) Office of Inspector General (OIG) has highlighted significant cybersecurity vulnerabilities in the nation's drinking water systems. The report, released on November 13, 2024, underscores the urgent need for increased security measures to protect critical infrastructure. million people.
Law enforcement actions, better defenses, and a refusal by victims to pay helped to reduce the amount of ransoms paid in 2024 by 35%, a sharp decline from the record $1.25 The post Ransom Payments Fell 35% in 2024 After LockBit, BlackCat Takedowns appeared first on Security Boulevard.