Penetration Testing

NOVEMBER 3, 2024

These... The post CVE-2024-8956 & CVE-2024-8957: Two Actively Exploited Vulnerabilities in PTZ Cameras appeared first on Cybersecurity News.

Cybersecurity 134

Cybersecurity 134

Penetration Testing

NOVEMBER 14, 2024

A critical security vulnerability, CVE-2024-52301, has been identified in the Laravel framework, a popular web application framework known for its elegant syntax and comprehensive toolset for building robust applications.

Cybersecurity 145

Cybersecurity 145

Penetration Testing

NOVEMBER 19, 2024

CVE-2024-47533 exposes Cobbler servers to unauthorized access and control, enabling attackers to manipulate system configurations.

Cybersecurity 133

Cybersecurity 133

Penetration Testing

OCTOBER 30, 2024

ServiceNow, a leading cloud-based enterprise platform, has recently addressed two significant vulnerabilities, CVE-2024-8923 and CVE-2024-8924, which posed serious risks to organizations using its Now Platform. appeared first on Cybersecurity News.

Risk 141

Risk Cybersecurity 141

Penetration Testing

OCTOBER 30, 2024

In a thrilling showdown at the recent Pwn2Own Ireland 2024 hacking competition, white hat hackers YingMuo (@YingMuo), in collaboration with the DEVCORE Internship Program, successfully exploited a critical zero-day vulnerability... The post CVE-2024-50387: Critical QNAP Flaw Exploited in Hacking Contest, Patch Now!

Hacking 129

Hacking Cybersecurity 129

Penetration Testing

DECEMBER 22, 2024

The Apache Software Foundation recently released a critical security update to address a remote code execution (RCE) vulnerability in Apache Tomcat, identified as CVE-2024-56337.

Software 141

Software Cybersecurity 141

Penetration Testing

NOVEMBER 7, 2024

Veeam recently disclosed a new security vulnerability, tracked as CVE-2024-40715, that impacts Veeam Backup Enterprise Manager. this flaw is classified as a high-severity vulnerability,... The post CVE-2024-40715: Authentication Bypass Threat in Veeam Backup Enterprise Manager appeared first on Cybersecurity News.

Backups 121

Backups Authentication Cybersecurity 121

Penetration Testing

DECEMBER 31, 2024

A security researcher published a proof-of-concept (PoC) exploit for CVE-2024-21182, a critical vulnerability in Oracle WebLogic Server. Rated at CVSS 7.5,

Cybersecurity 122

Cybersecurity 122

Penetration Testing

NOVEMBER 11, 2024

A newly discovered security vulnerability, CVE-2024-47295, affecting multiple SEIKO EPSON products, could allow attackers to take control of devices with administrative privileges.

Risk 126

Risk Passwords Cybersecurity 126

Penetration Testing

DECEMBER 3, 2024

One of these... The post CVE-2024-42448 (CVSS 9.9): Critical RCE Vulnerability in Veeam VSPC appeared first on Cybersecurity News. Veeam Software, a prominent provider of backup and disaster recovery solutions, has released urgent security updates to address two critical vulnerabilities in its Service Provider Console (VSPC).

Backups 138

Backups Software Cybersecurity 138

Penetration Testing

NOVEMBER 15, 2024

A critical vulnerability (CVE-2024-49369) has been discovered in Icinga 2, a... The post CVE-2024-49369 (CVSS 9.8): Critical Flaw in Icinga 2 Allows for Impersonation and RCE appeared first on Cybersecurity News.

Cybersecurity 131

Cybersecurity 131

Penetration Testing

NOVEMBER 25, 2024

The vulnerability, identified as... The post Palo Alto Networks Warns of GlobalProtect App Flaw with Public Exploit Code (CVE-2024-5921) appeared first on Cybersecurity News.

Software 137

Software Cybersecurity 137

Penetration Testing

NOVEMBER 4, 2024

In its November 2024 security update, Google has addressed 40 security vulnerabilities in the Android operating system, two of which are flagged as actively exploited: CVE-2024-43047 and CVE-2024-43093.

Cybersecurity 94

Cybersecurity 94

Penetration Testing

APRIL 24, 2025

A newly disclosed vulnerability in Apples proprietary libAppleArchive library, tracked as CVE-2024-27876, enables attackers to achieve arbitrary file The post CVE-2024-2787: Apple Archive Flaw Enables Arbitrary File Write and Gatekeeper Bypass, PoC Releases appeared first on Daily CyberSecurity.

Cybersecurity 110

Cybersecurity 110

Penetration Testing

NOVEMBER 5, 2024

In a recent analysis, cybersecurity researchers Hichem Maloufi and Christian Mina detailed CVE-2024-44258, a symlink vulnerability affecting Apple’s ManagedConfiguration framework and the profiled daemon.

Cybersecurity 135

Cybersecurity 135

Penetration Testing

NOVEMBER 23, 2024

Tracked as CVE-2024-9511 and assigned a CVSS v3.1 the... The post CVE-2024-9511 (CVSS 9.8): Critical Flaw in FluentSMTP Plugin Exposes Over 300,000 WordPress Sites to Potential Takeover appeared first on Cybersecurity News. score of 9.8,

Cybersecurity 111

Cybersecurity 111

Penetration Testing

NOVEMBER 16, 2024

Discovered by security researcher Rein Daelman, the flaw (CVE-2024-8856)... The post CVE-2024-8856: WP Time Capsule Plugin Vulnerability Exposes 20,000+ Sites to TakeOver appeared first on Cybersecurity News.

Backups 109

Backups Cybersecurity 109

Penetration Testing

DECEMBER 10, 2024

Designated as CVE-2024-44131, this flaw enables malicious applications to bypass user consent mechanisms and... The post Researcher Details CVE-2024-44131 – A Critical TCC Bypass in macOS and iOS appeared first on Cybersecurity News.

Cybersecurity 107

Cybersecurity 107

Penetration Testing

NOVEMBER 18, 2024

A critical security vulnerability (CVE-2024-52308) in the GitHub Command Line Interface (CLI) has been identified, potentially enabling remote code execution (RCE) on users’ workstations.

Cybersecurity 88

Cybersecurity 88

Penetration Testing

NOVEMBER 12, 2024

... The post CVE-2024-8068 & CVE-2024-8069: Citrix Session Recording Manager Unauthenticated RCE Exploits Publicly Available appeared first on Cybersecurity News.

Cybersecurity 91

Cybersecurity 91

Penetration Testing

OCTOBER 17, 2024

In a significant discovery by Microsoft Threat Intelligence, a vulnerability in macOS, identified as CVE-2024-44133, has been found to bypass Apple’s Transparency, Consent, and Control (TCC) technology.

Technology 94

Technology Cybersecurity 94

Penetration Testing

DECEMBER 16, 2024

Tracked as CVE-2024-55661, this vulnerability could allow authenticated... The post CVE-2024-55661: RCE Vulnerability Discovered in Laravel Pulse Monitoring Tool appeared first on Cybersecurity News.

Authentication 111

Authentication Cybersecurity 111

Penetration Testing

NOVEMBER 6, 2024

Identified as CVE-2024-20418,... The post CVE-2024-20418 (CVSS 10): Cisco URWB Access Points Vulnerable to Remote Takeover appeared first on Cybersecurity News.

Wireless 111

Wireless Software Cybersecurity 111

Penetration Testing

NOVEMBER 28, 2024

Security researchers from TrustedSec have uncovered a critical zero-day vulnerability, CVE-2024-49019, affecting Active Directory Certificate Services (AD CS).

Cybersecurity 111

Cybersecurity 111

Penetration Testing

NOVEMBER 25, 2024

The advisory addresses multiple vulnerabilities, including CVE-2024-48860 and CVE-2024-48861, which could allow... The post CVE-2024-48860 (CVSS 9.5): Critical Flaw in QNAP QuRouter, Immediate Update Recommended appeared first on Cybersecurity News.

Cybersecurity 96

Cybersecurity 96

Penetration Testing

NOVEMBER 21, 2024

Security researcher Ebrahim Shafiei identified the flaw (CVE-2024-52940)... The post CVE-2024-52940: AnyDesk Vulnerability Exposes User IP Addresses, PoC Published appeared first on Cybersecurity News.

Software 98

Software Risk Cybersecurity 98

Penetration Testing

OCTOBER 26, 2024

This vulnerability, tracked as CVE-2024-9488 and assigned a CVSSv3 score... The post CVE-2024-9488 (CVSS 9.8): Authentication Bypass Flaw in wpDiscuz Plugin, Over 80,000 Sites at Risk appeared first on Cybersecurity News.

Authentication 109

Authentication Risk Cybersecurity 109

Penetration Testing

JUNE 4, 2024

Security researcher Mykola Grymalyuk published the technical details and a proof-of-concept (PoC) exploit code for a vulnerability (CVE-2024-34331) in Parallels Desktop for Mac, a popular virtualization software.

Penetration Testing 145

Penetration Testing Software 145

Penetration Testing

NOVEMBER 3, 2024

The vulnerability, identified as CVE-2024-47939 and assigned a CVSS... The post Ricoh Printers and MFPs Vulnerable to Remote Code Execution – CVE-2024-47939 (CVSS 9.8) A critical vulnerability has been discovered in Ricoh’s Web Image Monitor, impacting a wide range of their printer and MFP products.

Cybersecurity 98

Cybersecurity 98

Security Boulevard

APRIL 7, 2025

Permalink The post BSidesLV24 – HireGround – Penetration Testing Experience And How To Get It appeared first on Security Boulevard. Originating from the conferences events located at the Tuscany Suites & Casino ; and via the organizations YouTube channel.

Penetration Testing 52

Penetration Testing Education Cybersecurity 52

Penetration Testing

NOVEMBER 28, 2024

The vulnerability, tracked as... The post CVE-2024-42330 (CVSS 9.1): Zabbix Patches Critical Remote Code Execution Vulnerability appeared first on Cybersecurity News.

Cybersecurity 111

Cybersecurity 111

Penetration Testing

NOVEMBER 25, 2024

These vulnerabilities range in severity, with some potentially allowing... The post PHP Patches Multi Flaws, Including CVE-2024-8932 (CVSS 9.8), Urges Immediate Update appeared first on Cybersecurity News.

Cybersecurity 96

Cybersecurity 96

Penetration Testing

DECEMBER 1, 2024

These vulnerabilities, identified as CVE-2024-11481 (CVSS... The post Trellix Enterprise Security Manager Patches Critical Flaws, Including CVE-2024-11482 (CVSS 9.8) appeared first on Cybersecurity News.

Cybersecurity 81

Cybersecurity 81

Penetration Testing

OCTOBER 23, 2024

Cisco has disclosed an actively exploited vulnerability (CVE-2024-20481) in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that could allow attackers to launch denial-of-service (DoS) attacks against... The post Active Exploits Target Cisco ASA and FTD VPNs: Urgent Update Needed (CVE-2024-20481) appeared (..)

Software 96

Software Cybersecurity VPN 96

Penetration Testing

DECEMBER 24, 2024

Attackers... The post CVE-2024-9474 Exploited: LITTLELAMB.WOOLTEA Backdoor Discovered in Palo Alto Devices appeared first on Cybersecurity News. Northwave Cyber Security has identified a sophisticated backdoor, LITTLELAMB.WOOLTEA, targeting Palo Alto Networks firewalls.

Firewall 98

Firewall Cybersecurity Malware 98

Penetration Testing

OCTOBER 28, 2024

Designated as CVE-2024-46483, this pre-authentication... The post CVE-2024-46483 (CVSS 9.8): Xlight FTP Server Flaw Leaves Users Exposed to Remote Attacks, PoC Published appeared first on Cybersecurity News.

Authentication 98

Authentication Cybersecurity 98

Penetration Testing

NOVEMBER 1, 2024

The researcher published the technical details and a proof-of-concept (PoC) exploit for CVE-2024-38821 (CVSS 9.1).

Cybersecurity 78

Cybersecurity 78