What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-03-30 08:30:00 | Les voleurs volent 9 millions de dollars dans la piscine de liquidité cryptographique [Thieves Steal $9m from Crypto Liquidity Pool] (lien direct) | Safemoon affirme que la vulnérabilité exploitée était à blâmer
SafeMoon claims exploited vulnerability was to blame |
Vulnerability | ★★ | |
|
2023-03-29 16:00:00 | Le groupe de ransomware de Clop exploite Goanywhere Mft Flaw [Clop Ransomware Group Exploits GoAnywhere MFT Flaw] (lien direct) | La vulnérabilité a un score CVSS de 7,2 et a été exploité contre plusieurs sociétés aux États-Unis
The vulnerability has a CVSS score of 7.2 and was exploited against several companies in the US |
Ransomware Vulnerability | ★★ | |
|
2023-03-29 10:15:00 | La vulnérabilité de Chatgpt peut avoir exposé les informations sur les utilisateurs \\ ' [ChatGPT Vulnerability May Have Exposed Users\\' Payment Information] (lien direct) | La brèche a été causée par un bogue dans une bibliothèque open source
The breach was caused by a bug in an open-source library |
Vulnerability | ChatGPT ChatGPT | ★★ |
|
2023-03-28 16:00:00 | Apple publie des correctifs de sécurité pour les anciens modèles iPhone et iPad [Apple Releases Security Patches For Older iPhone and iPad Models] (lien direct) | La vulnérabilité fait référence à un bug de confusion de type dans le moteur du navigateur WebKit
The vulnerability refers to a type confusion bug in the WebKit browser engine |
Vulnerability | ★★ | |
|
2023-03-27 16:30:00 | Microsoft corrige la faille de sécurité dans les outils de capture d'écran Windows [Microsoft Fixes Security Flaw in Windows Screenshot Tools] (lien direct) | Information Divulgation Vulnérabilité L'Acropalypse pourrait permettre aux acteurs malveillants de récupérer des sections de captures d'écran
Information disclosure vulnerability aCropalypse could enable malicious actors to recover sections of screenshots |
Vulnerability | ★★★ | |
|
2023-03-24 17:00:00 | WooCommerce patchs critiques de défauts de plugin affectant un demi-million de sites [WooCommerce Patches Critical Plugin Flaw Affecting Half a Million Sites] (lien direct) | La vulnérabilité pourrait permettre à un attaquant non authentifié d'obtenir des privilèges d'administration et de reprendre un site Web
The vulnerability could allow an unauthenticated attacker to gain admin privileges and take over a website |
Vulnerability | ★★★ | |
|
2023-03-16 17:00:00 | US Government IIS Server Breached via Telerik Software Flaw (lien direct) | The critical vulnerability allows remote code execution and was assigned a CVSS v3.1 score of 9.8 | Vulnerability | ★★ | |
|
2023-03-14 16:30:00 | CISA Creates New Ransomware Vulnerability Warning Program (lien direct) | The Agency will warn critical infrastructure entities to enable mitigation before an incident | Ransomware Vulnerability | ★★★ | |
|
2023-02-03 17:00:00 | Atlassian Patches Critical Authentication Flaw in Jira Software (lien direct) | The Jira versions affected by the vulnerability are 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1 and 5.5.0 | Vulnerability | ★★★ | |
|
2023-02-01 09:30:00 | Nearly 30,000 QNAP Devices Exposed Via New Bug (lien direct) | Vulnerability could be exploited by ransomware groups | Ransomware Vulnerability | ★★★ | |
|
2023-01-31 09:30:00 | QNAP: Patch Critical Remote Code Injection Bug (lien direct) | Vulnerability affects QTS and QuTS Hero firmware | Vulnerability | ★ | |
|
2023-01-27 18:00:00 | Multiple Vulnerabilities Found In Healthcare Software OpenEMR (lien direct) | Two of these vulnerabilities combined could lead to unauthenticated remote code execution | Vulnerability Guideline | ★★★ | |
|
2023-01-13 16:00:00 | Cisco Warns of Critical Vulnerability in End-of-Life Routers (lien direct) | Cisco did not release updates to address the vulnerabilities and no workarounds address them | Vulnerability | ★★ | |
|
2023-01-12 16:00:00 | Google Chrome \'SymStealer\' Vulnerability Could Affect 2.5 Billion Users (lien direct) | The warning comes from Imperva's security researcher Ron Masas | Vulnerability | ★★ | |
|
2023-01-10 16:00:00 | GitHub Adds Features to Automate Vulnerability Code Scanning (lien direct) | Called “default setup,” the novel capability simplifies starting code scanning on repositories | Vulnerability | ★★ | |
|
2022-12-14 16:00:00 | Apple Fixes Actively Exploited iPhone Zero-Day Vulnerability (lien direct) | The vulnerability could allow remote code execution (RCE) on a victim's device | Vulnerability | ★★ | |
|
2022-12-07 18:00:00 | Microsoft Warns Cryptocurrency Firms Against Complex Cyber-Attacks (lien direct) | Attacks included fraud, vulnerability exploitation, fake applications and info stealer deployments | Vulnerability | ★★ | |
|
2022-11-29 18:12:00 | Oracle Fusion Middleware Vulnerability Actively Exploited in the Wild: CISA (lien direct) | The bug allows unauthenticated attackers with network access to compromise Oracle Access Manager | Vulnerability | ★★★★ | |
|
2022-11-25 18:00:00 | ConnectWise Fixes XSS Vulnerability that Could Lead to Remote Code Execution (lien direct) | Threat actors could exploit the flaw to take complete control of the ConnectWise platform | Vulnerability Threat | ★★ | |
|
2022-11-25 17:15:00 | Google Releases Chrome Patch to Fix New Zero-Day Vulnerability (lien direct) | The high-severity vulnerability refers to a heap buffer overflow in the GPU component | Vulnerability | ★★★ | |
|
2022-11-25 16:15:00 | Remote Code Execution Vulnerability Found in Windows Internet Key Exchange (lien direct) | The discovered vulnerabilities could have been exploited to target almost 1000 systems | Vulnerability | ||
|
2022-11-15 17:00:00 | Remote Code Execution Discovered in Spotify\'s Backstage (lien direct) | Spotify ranked the vulnerability as critical, with a CVSS score of 9.8 | Vulnerability | ||
|
2022-11-14 18:00:00 | GitHub Now Supports Private Vulnerability Reporting For Public Repositories (lien direct) | The feature needs to be manually enabled by repository maintainers | Vulnerability | ★★ | |
|
2022-11-10 16:00:00 | Majority of Security Managers Lack Threat Intelligence Skills (lien direct) | The report suggests threat intelligence is a crucial source for vulnerability detection | Vulnerability Threat | ★★★★ | |
|
2022-11-09 18:00:00 | High-Risk Vulnerability Found in ABB\'s Flow Computers (lien direct) | Attackers could exploit it by sending a specially crafted message to an affected system node | Vulnerability | ||
|
2022-11-03 10:15:00 | UK Security Agency to Scan the Country for Bugs (lien direct) | NCSC wants to determine "the vulnerability of the UK" | Vulnerability | ||
|
2022-10-25 16:00:00 | (Déjà vu) Apple Fixes Actively Exploited iOS and iPadOS Zero-Day Vulnerability (lien direct) | The out-of-bounds write issue in the kernel could be exploited to execute arbitrary code | Vulnerability | ||
|
2022-10-18 16:00:00 | HelpSystems Patch Falls Short, RCE Vulnerability in Cobalt Strike Remains (lien direct) | Certain components in Java Swing will interpret text as HTML content if it starts with | Vulnerability | ||
|
2022-10-12 09:20:00 | Claroty Found Hardcoded Cryptographic Keys in Siemens PLCs Using RCE (lien direct) | The vulnerability has been assigned a CVE – Siemens has already updated affected systems and published recommendations for mitigating the risk | Vulnerability | ||
|
2022-10-04 17:00:00 | CISA Directive Improves Asset Visibility, Vulnerability Detection on Federal Networks (lien direct) | It requires some federal agencies to perform automated asset discovery every seven days | Vulnerability | ||
|
2022-10-03 15:00:00 | Lazarus Group Exploits Dell Driver Vulnerability to Bypass Windows Security (lien direct) | ESET said the vulnerability was exploited at least twice via a specific user-mode module | Vulnerability | APT 38 | |
|
2022-09-21 16:00:00 | 350K Open-Source Projects At Risk of Supply Chain Vulnerability (lien direct) | The flaw resides in the tarfile module, automatically installed in any Python project | Vulnerability | ||
|
2022-09-20 17:00:00 | Critical Vulnerability in Oracle Cloud Infrastructure Allowed Unauthorized Access (lien direct) | Potential attacks resulting from it may include privilege escalation and cross–tenant access | Vulnerability | ||
|
2022-09-02 15:45:00 | Google Chrome Vulnerability Lets Sites Quietly Overwrite Clipboard Contents (lien direct) | The bug was discovered by developer Jeff Johnson, who detailed his findings in a blog post | Vulnerability | ||
|
2022-09-01 14:50:00 | (Déjà vu) Apple Releases Update for iOS 12 to Patch Exploited Vulnerability (lien direct) | The flaw would allow the processing of maliciously crafted web content and arbitrary code execution | Vulnerability | ||
|
2022-09-01 08:50:00 | Microsoft Finds Account Takeover Bug in TikTok (lien direct) | Vulnerability impacted social media firm's Android app | Vulnerability | ★★★★ | |
|
2022-08-24 14:30:00 | IoT Vulnerability Disclosures Up 57% in Six Months, Claroty Reveals (lien direct) | The research also found that vendor self-disclosures increased by 69% | Vulnerability | ||
|
2022-08-23 16:30:00 | CISA Adds Palo Alto Networks\' PAN-OS Vulnerability to Catalog (lien direct) | The flaw would allow a network-based unauthenticated threat actor to perform DoS attacks | Vulnerability Threat | ||
|
2022-08-19 14:00:00 | Apple Warns of Critical Security Risk in Safari For iPhones, iPads and Macs (lien direct) | The vulnerability gave hackers the ability to infiltrate WebKit, the engine that powers Safari | Vulnerability | ||
|
2022-08-11 16:30:00 | Zimbra RCE Vulnerability Exploited Without Admin Privileges (lien direct) | Over 1,000 ZCS instances around the world were reportedly backdoored and compromised | Vulnerability | ||
|
2022-08-04 16:00:00 | Hackers Exploit Atlassian Confluence Vulnerability to Deploy New \'Ljl\' Backdoor (lien direct) | The TA likely used RAR and 7zip to archive files and folders from multiple directories | Vulnerability | ||
|
2022-08-02 15:00:00 | Google Patches Critical Android Bluetooth Flaw in August Security Bulletin (lien direct) | The Bluetooth vulnerability has been patched on Android 10, 11, 12 and 12L | Vulnerability | ||
|
2022-07-06 10:00:00 | Google Patches Chrome Zero Day Under Attack (lien direct) | Rapid fix for vulnerability being exploited in the wild | Vulnerability | ||
|
2022-07-04 08:45:00 | HackerOne Insider Defrauded Customers (lien direct) | Former employee re-submitted vulnerability data for personal gain | Vulnerability | ||
|
2022-06-29 16:30:00 | New UnRAR Vulnerability Could Lead to Zimbra Webmail Hack (lien direct) | Successful exploitation would give an attacker access to all emails on a compromised server | Hack Vulnerability | ||
|
2022-06-29 16:00:00 | Amazon Fixes High Severity Vulnerability in Amazon Photos Android App (lien direct) | The vulnerability derived from a misconfiguration of one of the Photos app's components | Vulnerability | ||
|
2022-06-17 16:00:00 | WordPress Updates More Than a Million Sites to Fix Critical Ninja Forms Vulnerability (lien direct) | The code injection vulnerability allowed attackers to call methods in various Ninja Forms classes | Vulnerability | ||
|
2022-06-06 16:00:00 | Critical Vulnerability Found in Motorola\'s Unisoc Chips (lien direct) | Checkpoint Research spotted a critical vulnerability in Unisoc Tiger T700 chips in three Motorola models | Vulnerability | ||
|
2022-04-06 09:00:00 | Almost a Fifth of Global Firms Targeted with Spring4Shell (lien direct) | New vulnerability exploited most widely in Europe | Vulnerability | ||
|
2022-03-31 08:45:00 | No Patch Available Yet for Critical SpringShell Bug (lien direct) | Vulnerability has echoes of infamous Struts and Log4Shell vulnerabilities | Vulnerability | ★★★ |
To see everything:
Our RSS (filtrered)
