Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2023-06-01 08:30:00 |
Zyxel Customers Urged to Patch Exploited Bug (direct link) |
Vulnerability being "widely exploited" in Mirai-based botnet attacks |
Vulnerability
|
|
★★
|
|
2023-05-25 16:00:00 |
Expo Framework API Flaw Reveals User Data in Online Services (direct link) |
The vulnerability was discovered by Salt Security and has a CVSS score of 9.6 |
Vulnerability
|
|
★★
|
|
2023-05-19 16:00:00 |
KeePass Flaw Exposes Master Passwords (direct link) |
The vulnerability (CVE-2023-32784) was discovered by security researcher Dominik Reichl |
Vulnerability
|
|
★★
|
|
2023-05-12 15:30:00 |
Essential Addons Plugin Flaw Exposes One Million WordPress Websites (direct link) |
Patchstack cybersecurity experts described the vulnerability in an advisory published on Thursday |
Vulnerability
|
|
★★
|
|
2023-05-02 15:30:00 |
Hackers Exploit High Severity Flaw in TBK DVR Camera System (direct link) |
Vulnerability derives from an error the camera experiences when handling a maliciously crafted HTTP cookie |
Vulnerability
|
|
★★
|
|
2023-04-26 16:05:00 |
Critical Flaw Patched in VMware Workstation and Fusion (direct link) |
A malicious actor with local admin privileges could exploit the vulnerability to escape from the VM |
Vulnerability
|
|
★★
|
|
2023-04-26 09:30:00 |
New SLP Vulnerability Could Enable Massive DDoS Attacks (direct link) |
Bug has potential to facilitate 2200x amplification attacks |
Vulnerability
|
|
★★
|
|
2023-04-24 09:30:00 |
Cloud Complexity Means Bugs Are Missed in Testing (direct link) |
Most CISOs think vulnerability management is getting harder |
Vulnerability
Cloud
|
|
★★★
|
|
2023-03-31 15:30:00 |
New Azure Flaw "Super FabriXss" Enables Remote Code Execution Attacks (direct link) |
The cross-site scripting flaw affects SFX version 9.1.1436.9590 or earlier and has a CVSS of 8.2 |
Vulnerability
General Information
Industrial
|
|
★★
|
|
2023-03-30 08:30:00 |
Thieves Steal $9m from Crypto Liquidity Pool (direct link) |
SafeMoon claims exploited vulnerability was to blame |
Vulnerability
|
|
★★
|
|
2023-03-29 16:00:00 |
Clop Ransomware Group Exploits GoAnywhere MFT Flaw (direct link) |
The vulnerability has a CVSS score of 7.2 and was exploited against several companies in the US |
Ransomware
Vulnerability
|
|
★★
|
|
2023-03-29 10:15:00 |
ChatGPT Vulnerability May Have Exposed Users' Payment Information (direct link) |
The breach was caused by a bug in an open-source library |
Vulnerability
|
ChatGPT
ChatGPT
|
★★
|
|
2023-03-28 16:00:00 |
Apple Releases Security Patches For Older iPhone and iPad Models (direct link) |
The vulnerability refers to a type confusion bug in the WebKit browser engine |
Vulnerability
|
|
★★
|
|
2023-03-27 16:30:00 |
Microsoft Fixes Security Flaw in Windows Screenshot Tools (direct link) |
Information disclosure vulnerability aCropalypse could enable malicious actors to recover sections of screenshots |
Vulnerability
|
|
★★★
|
|
2023-03-24 17:00:00 |
WooCommerce Patches Critical Plugin Flaw Affecting Half a Million Sites (direct link) |
The vulnerability could allow an unauthenticated attacker to gain admin privileges and take over a website |
Vulnerability
|
|
★★★
|
|
2023-03-16 17:00:00 |
US Government IIS Server Breached via Telerik Software Flaw (direct link) |
The critical vulnerability allows remote code execution and was assigned a CVSS v3.1 score of 9.8 |
Vulnerability
|
|
★★
|
|
2023-03-14 16:30:00 |
CISA Creates New Ransomware Vulnerability Warning Program (direct link) |
The Agency will warn critical infrastructure entities to enable mitigation before an incident |
Ransomware
Vulnerability
|
|
★★★
|
|
2023-02-03 17:00:00 |
Atlassian Patches Critical Authentication Flaw in Jira Software (direct link) |
The Jira versions affected by the vulnerability are 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1 and 5.5.0 |
Vulnerability
|
|
★★★
|
|
2023-02-01 09:30:00 |
Nearly 30,000 QNAP Devices Exposed Via New Bug (direct link) |
Vulnerability could be exploited by ransomware groups |
Ransomware
Vulnerability
|
|
★★★
|
|
2023-01-31 09:30:00 |
QNAP: Patch Critical Remote Code Injection Bug (direct link) |
Vulnerability affects QTS and QuTS Hero firmware |
Vulnerability
|
|
★
|
|
2023-01-27 18:00:00 |
Multiple Vulnerabilities Found In Healthcare Software OpenEMR (direct link) |
Two of these vulnerabilities combined could lead to unauthenticated remote code execution |
Vulnerability
Guideline
|
|
★★★
|
|
2023-01-13 16:00:00 |
Cisco Warns of Critical Vulnerability in End-of-Life Routers (direct link) |
Cisco did not release updates to address the vulnerabilities and no workarounds address them |
Vulnerability
|
|
★★
|
|
2023-01-12 16:00:00 |
Google Chrome 'SymStealer' Vulnerability Could Affect 2.5 Billion Users (direct link) |
The warning comes from Imperva's security researcher Ron Masas |
Vulnerability
|
|
★★
|
|
2023-01-10 16:00:00 |
GitHub Adds Features to Automate Vulnerability Code Scanning (direct link) |
Called “default setup,” the novel capability simplifies starting code scanning on repositories |
Vulnerability
|
|
★★
|
|
2022-12-14 16:00:00 |
Apple Fixes Actively Exploited iPhone Zero-Day Vulnerability (direct link) |
The vulnerability could allow remote code execution (RCE) on a victim's device |
Vulnerability
|
|
★★
|
|
2022-12-07 18:00:00 |
Microsoft Warns Cryptocurrency Firms Against Complex Cyber-Attacks (direct link) |
Attacks included fraud, vulnerability exploitation, fake applications and info stealer deployments |
Vulnerability
|
|
★★
|
|
2022-11-29 18:12:00 |
Oracle Fusion Middleware Vulnerability Actively Exploited in the Wild: CISA (direct link) |
The bug allows unauthenticated attackers with network access to compromise Oracle Access Manager |
Vulnerability
|
|
★★★★
|
|
2022-11-25 18:00:00 |
ConnectWise Fixes XSS Vulnerability that Could Lead to Remote Code Execution (direct link) |
Threat actors could exploit the flaw to take complete control of the ConnectWise platform |
Vulnerability
Threat
|
|
★★
|
|
2022-11-25 17:15:00 |
Google Releases Chrome Patch to Fix New Zero-Day Vulnerability (direct link) |
The high-severity vulnerability refers to a heap buffer overflow in the GPU component |
Vulnerability
|
|
★★★
|
|
2022-11-25 16:15:00 |
Remote Code Execution Vulnerability Found in Windows Internet Key Exchange (direct link) |
The discovered vulnerabilities could have been exploited to target almost 1000 systems |
Vulnerability
|
|
|
|
2022-11-15 17:00:00 |
Remote Code Execution Discovered in Spotify's Backstage (direct link) |
Spotify ranked the vulnerability as critical, with a CVSS score of 9.8 |
Vulnerability
|
|
|
|
2022-11-14 18:00:00 |
GitHub Now Supports Private Vulnerability Reporting For Public Repositories (direct link) |
The feature needs to be manually enabled by repository maintainers |
Vulnerability
|
|
★★
|
|
2022-11-10 16:00:00 |
Majority of Security Managers Lack Threat Intelligence Skills (direct link) |
The report suggests threat intelligence is a crucial source for vulnerability detection |
Vulnerability
Threat
|
|
★★★★
|
|
2022-11-09 18:00:00 |
High-Risk Vulnerability Found in ABB's Flow Computers (direct link) |
Attackers could exploit it by sending a specially crafted message to an affected system node |
Vulnerability
|
|
|
|
2022-11-03 10:15:00 |
UK Security Agency to Scan the Country for Bugs (direct link) |
NCSC wants to determine "the vulnerability of the UK" |
Vulnerability
|
|
|
|
2022-10-25 16:00:00 |
(Déjà vu) Apple Fixes Actively Exploited iOS and iPadOS Zero-Day Vulnerability (direct link) |
The out-of-bounds write issue in the kernel could be exploited to execute arbitrary code |
Vulnerability
|
|
|
|
2022-10-18 16:00:00 |
HelpSystems Patch Falls Short, RCE Vulnerability in Cobalt Strike Remains (direct link) |
Certain components in Java Swing will interpret text as HTML content if it starts with |
Vulnerability
|
|
|
|
2022-10-12 09:20:00 |
Claroty Found Hardcoded Cryptographic Keys in Siemens PLCs Using RCE (direct link) |
The vulnerability has been assigned a CVE – Siemens has already updated affected systems and published recommendations for mitigating the risk |
Vulnerability
|
|
|
|
2022-10-04 17:00:00 |
CISA Directive Improves Asset Visibility, Vulnerability Detection on Federal Networks (direct link) |
It requires some federal agencies to perform automated asset discovery every seven days |
Vulnerability
|
|
|
|
2022-10-03 15:00:00 |
Lazarus Group Exploits Dell Driver Vulnerability to Bypass Windows Security (direct link) |
ESET said the vulnerability was exploited at least twice via a specific user-mode module |
Vulnerability
|
APT 38
|
|
|
2022-09-21 16:00:00 |
350K Open-Source Projects At Risk of Supply Chain Vulnerability (direct link) |
The flaw resides in the tarfile module, automatically installed in any Python project |
Vulnerability
|
|
|
|
2022-09-20 17:00:00 |
Critical Vulnerability in Oracle Cloud Infrastructure Allowed Unauthorized Access (direct link) |
Potential attacks resulting from it may include privilege escalation and cross-tenant access |
Vulnerability
|
|
|
|
2022-09-02 15:45:00 |
Google Chrome Vulnerability Lets Sites Quietly Overwrite Clipboard Contents (direct link) |
The bug was discovered by developer Jeff Johnson, who detailed his findings in a blog post |
Vulnerability
|
|
|
|
2022-09-01 14:50:00 |
(Déjà vu) Apple Releases Update for iOS 12 to Patch Exploited Vulnerability (direct link) |
The flaw would allow the processing of maliciously crafted web content and arbitrary code execution |
Vulnerability
|
|
|
|
2022-09-01 08:50:00 |
Microsoft Finds Account Takeover Bug in TikTok (direct link) |
Vulnerability impacted social media firm's Android app |
Vulnerability
|
|
★★★★
|
|
2022-08-24 14:30:00 |
IoT Vulnerability Disclosures Up 57% in Six Months, Claroty Reveals (direct link) |
The research also found that vendor self-disclosures increased by 69% |
Vulnerability
|
|
|
|
2022-08-23 16:30:00 |
CISA Adds Palo Alto Networks' PAN-OS Vulnerability to Catalog (direct link) |
The flaw would allow a network-based unauthenticated threat actor to perform DoS attacks |
Vulnerability
Threat
|
|
|
|
2022-08-19 14:00:00 |
Apple Warns of Critical Security Risk in Safari For iPhones, iPads and Macs (direct link) |
The vulnerability gave hackers the ability to infiltrate WebKit, the engine that powers Safari |
Vulnerability
|
|
|
|
2022-08-11 16:30:00 |
Zimbra RCE Vulnerability Exploited Without Admin Privileges (direct link) |
Over 1,000 ZCS instances around the world were reportedly backdoored and compromised |
Vulnerability
|
|
|
|
2022-08-04 16:00:00 |
Hackers Exploit Atlassian Confluence Vulnerability to Deploy New 'Ljl' Backdoor (direct link) |
The TA likely used RAR and 7zip to archive files and folders from multiple directories |
Vulnerability
|
|
|