Search cyberveille.decio.ch

Found 10 bookmarks

Custom sorting

Fortinet discloses second firewall auth bypass patched in January

Fortinet has disclosed a second authentication bypass vulnerability that was fixed as part of a January 2025 update for FortiOS and FortiProxy devices.

#bleepingcomputer #Actively-Exploited #Authentication-Bypass #Fortinet #FortiOS #FortiProxy #Zero-Day

·bleepingcomputer.com·Feb 12, 2025

Fortinet discloses second firewall auth bypass patched in January

Apple fixes this year’s first actively exploited zero-day bug

Apple has released security updates to fix this year's first zero-day vulnerability, tagged as actively exploited in attacks targeting iPhone users.

#bleepingcomputer #EN #2025 #Actively-Exploited #Apple #iOS #iPhone #Zero-Day

·bleepingcomputer.com·Jan 28, 2025

Apple fixes this year’s first actively exploited zero-day bug

Hackers exploit Roundcube webmail flaw to steal email, credentials

Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the former Soviet Union.

#bleepingcomputer #EN #2024 #Actively-Exploited #CVE-2024-37383 #Cross-Site-Scripting #Email #Roundcube #Vulnerability #XSS

·bleepingcomputer.com·Oct 22, 2024

Hackers exploit Roundcube webmail flaw to steal email, credentials

Black Basta ransomware gang linked to Windows zero-day attacks

The Cardinal cybercrime group (Storm-1811, UNC4394), who are the main operators of the Black Basta ransomware, is suspected of exploiting a Windows privilege escalation vulnerability, CVE-2024-26169, before a fix was made available.

#bleepingcomputer #en #2024 #Actively-Exploited #Black-Basta #Ransomware #Vulnerability #Zero-Day #CVE-2024-26169

·bleepingcomputer.com·Jun 15, 2024

Black Basta ransomware gang linked to Windows zero-day attacks

WP Automatic WordPress plugin hit by millions of SQL injection attacks

Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access.

#bleepingcomputer #EN #2024 #Actively-Exploited #Plugin #SQL-Injection #Vulnerability #WordPress #WP-Automatic

·bleepingcomputer.com·Apr 27, 2024

WP Automatic WordPress plugin hit by millions of SQL injection attacks

Exploit released for Fortinet RCE bug used in attacks, patch now

Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.

#bleepingcomputer #EN #2024 #Actively-Exploited #Exploit #Fortinet #PoC #Proof-of-Concept #RCE #Remote-Code-Execution #SQL-Injection #CVE-2023-48788

·bleepingcomputer.com·Mar 21, 2024

Exploit released for Fortinet RCE bug used in attacks, patch now

Hackers are exploiting critical Apache Struts flaw using public PoC

Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code.

#bleepingcomputer #EN #2023 #Actively-Exploited #Apache-Struts #PoC #Proof-of-Concept #RCE #Remote-Code-Execution #CVE-2023-50164

·bleepingcomputer.com·Dec 13, 2023

Hackers are exploiting critical Apache Struts flaw using public PoC

Sophos backports RCE fix after attacks on unsupported firewalls

Sophos was forced to backport a security update for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering hackers actively exploiting the flaw in attacks.

#bleepingcomputer #En #2023 #Actively-Exploited #Firewall #RCE #Remote-Code-Execution #Security-Update #Sophos

·bleepingcomputer.com·Dec 12, 2023

Sophos backports RCE fix after attacks on unsupported firewalls

Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers

Qualcomm is warning of three zero-day vulnerabilities in its GPU and Compute DSP drivers that hackers are actively exploiting in attacks.

#bleepingcomputer #EN #2023 #Actively-Exploited #Android #Mobile #Qualcomm #Vulnerability #Zero-Day #GPU #Adreno

·bleepingcomputer.com·Oct 3, 2023

Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers

Ivanti warns of new actively exploited MobileIron zero-day bug

US-based IT software company Ivanti warned customers today that a critical Sentry API authentication bypass vulnerability is being exploited in the wild.

#bleepingcomputer #Ivanti #Actively-Exploited #Authentication-Bypass #MobileIron #Warning #Zero-Day #0-day

·bleepingcomputer.com·Aug 21, 2023

Ivanti warns of new actively exploited MobileIron zero-day bug