What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-02-13 14:18:37 | Apple fixes new WebKit zero-day exploited to hack iPhones, Macs (lien direct) | Apple has released emergency security updates to address a new zero-day vulnerability used in attacks to hack iPhones, iPads, and Macs. [...] | Hack Vulnerability | ★★ | |
|
2023-02-03 14:20:48 | Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide (lien direct) | Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware. [...] | Ransomware Vulnerability | ★★★ | |
|
2023-02-03 11:39:05 | GoAnywhere MFT zero-day vulnerability lets hackers breach servers (lien direct) | The developers of the GoAnywhere MFT file transfer solution are warning customers of zero-day remote code execution vulnerability on exposed administrator consoles. [...] | Vulnerability | ★★★ | |
|
2023-02-02 12:07:55 | Cisco fixes bug allowing malware persistence between reboots (lien direct) | Cisco has released security updates this week to address a high-severity vulnerability in the Cisco IOx application hosting environment that can be exploited in command injection attacks. [...] | Malware Vulnerability | ★★★ | |
|
2023-01-30 17:09:04 | KeePass disputes vulnerability allowing stealthy password theft (lien direct) | The development team behind the open-source password management software KeePass is disputing what is described as a newly found vulnerability that allows attackers to stealthily export the entire database in plain text. [...] | Vulnerability | ★★ | |
|
2023-01-28 11:32:16 | Researchers to release VMware vRealize Log RCE exploit, patch now (lien direct) | Security researchers with Horizon3's Attack Team will release next week an exploit targeting a vulnerability chain for gaining remote code execution on unpatched VMware vRealize Log Insight appliances. [...] | Vulnerability | ★★ | |
|
2023-01-25 13:00:10 | Malware exploited critical Realtek SDK bug in millions of attacks (lien direct) | Hackers have leveraged a critical remote code execution vulnerability in Realtek Jungle SDK 134 million attacks trying to infect smart devices in the second half of 2022. [...] | Malware Vulnerability | ★★ | |
|
2023-01-20 11:02:16 | New Boldmove Linux malware used to backdoor Fortinet devices (lien direct) | Suspected Chinese hackers exploited a recently disclosed FortiOS SSL-VPN vulnerability as a zero-day in December, targeting a European government and an African MSP with a new custom 'BOLDMOVE' Linux and Windows malware. [...] | Malware Vulnerability | ★★★ | |
|
2022-12-19 14:37:18 | (Déjà vu) Microsoft finds macOS bug that lets malware bypass security checks (lien direct) | Apple has fixed a vulnerability that could be leveraged to deploy malware on vulnerable macOS devices via untrusted applications capable of bypassing Gatekeeper application execution restrictions. [...] | Malware Vulnerability | ★★ | |
|
2022-12-19 14:37:18 | Microsoft: Achilles macOS bug lets hackers bypass Gatekeeper (lien direct) | Apple has fixed a vulnerability that could be leveraged to deploy malware on vulnerable macOS devices via untrusted applications capable of bypassing Gatekeeper application execution restrictions. [...] | Malware Vulnerability | ★★ | |
|
2022-12-14 13:24:00 | Microsoft patches Windows zero-day used to drop ransomware (lien direct) | Microsoft has fixed a security vulnerability used by threat actors to circumvent the Windows SmartScreen security feature and deliver Magniber ransomware and Qbot malware payloads. [...] | Ransomware Malware Vulnerability Threat | ★★ | |
|
2022-12-13 15:48:43 | (Déjà vu) Apple security update fixes new iOS zero-day used to hack iPhones (lien direct) | In security updates released today, Apple has fixed the tenth zero-day vulnerability since the start of the year, with this latest one actively used in attacks against iPhones. [...] | Hack Vulnerability | ★★ | |
|
2022-11-19 13:28:32 | New attacks use Windows security bypass zero-day to drop malware (lien direct) | New phishing attacks use a Windows zero-day vulnerability to drop the Qbot malware without displaying Mark of the Web security warnings. [...] | Malware Vulnerability | ||
|
2022-09-12 14:20:48 | Apple fixes eighth zero-day used to hack iPhones and Macs this year (lien direct) | Apple has released security updates to address the eighth zero-day vulnerability used in attacks against iPhones and Macs since the start of the year. [...] | Hack Vulnerability | ||
|
2022-09-12 12:00:00 | Lorenz ransomware breaches corporate network via phone systems (lien direct) | The Lorenz ransomware gang now uses a critical vulnerability in Mitel MiVoice VOIP appliances to breach enterprises using their phone systems for initial access to their corporate networks. [...] | Ransomware Vulnerability | ||
|
2022-08-29 14:16:46 | Nelnet Servicing breach exposes data of 2.5M student loan accounts (lien direct) | Nelnet Serving, a Nebraska-based student loan technology services provider, has been breached by unauthorized network intruders who exploited a vulnerability in its systems. [...] | Vulnerability | ||
|
2022-08-18 15:49:45 | Apple releases Safari 15.6.1 to fix zero-day bug used in attacks (lien direct) | Apple has released Safari 15.6.1 for macOS Big Sur and Catalina to fix a zero-day vulnerability exploited in the wild to hack Macs. [...] | Hack Vulnerability | ||
|
2022-08-18 06:00:00 | Amazon fixes Ring Android app flaw exposing camera recordings (lien direct) | Amazon has fixed a high-severity vulnerability in the Amazon Ring app for Android that could have allowed hackers to download customers' saved camera recordings. [...] | Vulnerability | ||
|
2022-08-11 15:32:34 | Zimbra auth bypass bug exploited to breach over 1,000 servers (lien direct) | An authentication bypass Zimbra security vulnerability is being exploited to compromise Zimbra Collaboration Suite (ZCS) email servers worldwide. [...] | Vulnerability | ||
|
2022-08-05 12:00:00 | Twitter confirms zero-day used to expose data of 5.4 million accounts (lien direct) | Twitter has confirmed a recent data breach was caused by a now-patched zero-day vulnerability used to link email addresses and phone numbers to users' accounts, allowing a threat actor to compile a list of 5.4 million user account profiles. [...] | Data Breach Vulnerability Threat | ||
|
2022-07-25 12:16:04 | Hackers exploited PrestaShop zero-day to breach online stores (lien direct) | Hackers are targeting websites using the PrestaShop platform, leveraging a previously unknown vulnerability chain to perform code execution and potentially steal customers' payment information. [...] | Vulnerability | ||
|
2022-07-22 18:00:35 | Hacker selling Twitter account data of 5.4 million users for $30k (lien direct) | Twitter has suffered a data breach after threat actors used a vulnerability to build a database of phone numbers and email addresses belonging to 5.4 million accounts, with the data now up for sale on a hacker forum for $30,000. [...] | Data Breach Vulnerability Threat | ||
|
2022-07-22 11:05:22 | Atlassian: Confluence hardcoded password was leaked, patch now! (lien direct) | Australian software firm Atlassian warned customers to immediately patch a critical vulnerability that provides remote attackers with hardcoded credentials to log into unpatched Confluence Server and Data Center servers. [...] | Vulnerability | ||
|
2022-07-21 12:44:18 | Chrome zero-day used to infect journalists with Candiru spyware (lien direct) | The Israeli spyware vendor Candiru was found using a zero-day vulnerability in Google Chrome to spy on journalists and other high-interest individuals in the Middle East with the 'DevilsTongue' spyware. [...] | Vulnerability | ||
|
2022-07-12 17:10:17 | CISA orders agencies to patch new Windows zero-day used in attacks (lien direct) | CISA has added an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) to its list of bugs abused in the wild. [...] | Vulnerability | ||
|
2022-07-04 13:56:49 | Google patches new Chrome zero-day flaw exploited in attacks (lien direct) | Google has released Chrome 103.0.5060.114 for Windows users to address a high-severity zero-day vulnerability exploited by attackers in the wild, the fourth Chrome zero-day patched in 2022. [...] | Vulnerability | ||
|
2022-07-02 11:36:48 | Rogue HackerOne employee steals bug reports to sell on the side (lien direct) | A HackerOne employee stole vulnerability reports submitted through the bug bounty platform and disclosed them to affected customers to claim financial rewards. [...] | Vulnerability | ||
|
2022-06-29 12:30:00 | CISA warns of hackers exploiting PwnKit Linux vulnerability (lien direct) | The Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Linux vulnerability known as PwnKit to its list of bugs exploited in the wild. [...] | Vulnerability | ||
|
2022-06-29 07:00:00 | Amazon fixes high-severity vulnerability in Android Photos app (lien direct) | Amazon has confirmed and fixed a vulnerability in its Photos app for Android, which has been downloaded over 50 million times on the Google Play Store. [...] | Vulnerability | ||
|
2022-06-29 06:48:22 | Microsoft fixes bug that let hackers hijack Azure Linux clusters (lien direct) | Microsoft has fixed a container escape vulnerability in the Service Fabric (SF) application hosting platform that would allow threat actors to escalate privileges to root, gain control of the host node, and compromise the entire SF Linux cluster. [...] | Vulnerability Threat | ||
|
2022-06-21 15:34:44 | Russian govt hackers hit Ukraine with Cobalt Strike, CredoMap malware (lien direct) | The Ukrainian Computer Emergency Response Team (CERT) is warning that Russian hacking groups are exploiting the Follina code execution vulnerability in new phishing campaigns to install the CredoMap malware and Cobalt Strike beacons. [...] | Malware Vulnerability | ||
|
2022-06-17 13:13:08 | Cisco says it won\'t fix zero-day RCE in end-of-life VPN routers (lien direct) | Cisco advises owners of end-of-life Small Business RV routers to upgrade to newer models after disclosing a remote code execution vulnerability that will not be patched. [...] | Vulnerability | ||
|
2022-06-16 18:23:46 | Sophos Firewall zero-day bug exploited weeks before fix (lien direct) | Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim. [...] | Vulnerability | ||
|
2022-06-16 14:58:32 | 730K WordPress sites force-updated to patch critical plugin bug (lien direct) | WordPress sites using Ninja Forms, a forms builder plugin with more than 1 million installations, have been force-updated en masse this week to a new build that addresses a critical security vulnerability likely exploited in the wild. [...] | Vulnerability | ||
|
2022-06-16 10:19:12 | MetaMask, Phantom warn of flaw that could steal your crypto wallets (lien direct) | MetaMask and Phantom are warning of a new 'Demonic' vulnerability that could expose a crypto wallet's secret recovery phrase, allowing attackers to steal NFTs and cryptocurrency stored within it. [...] | Vulnerability | ★★★ | |
|
2022-06-15 14:24:33 | Cisco Secure Email bug can let attackers bypass authentication (lien direct) | Cisco notified customers this week to patch a critical vulnerability that could allow attackers to bypass authentication and login into the web management interface of Cisco email gateway appliances with non-default configurations. [...] | Vulnerability | ||
|
2022-06-15 14:01:42 | Zimbra bug allows stealing email logins with no user interaction (lien direct) | Zimbra and SonarSource proceeded to the coordinated disclosure of a high-severity vulnerability that allows unauthenticated attackers to steal cleartext credentials from Zimbra without any user interaction. [...] | Vulnerability | ||
|
2022-06-15 10:46:21 | Citrix warns critical bug can let attackers reset admin passwords (lien direct) | Citrix warned customers to deploy security updates that address a critical Citrix Application Delivery Management (ADM) vulnerability that can let attackers reset admin passwords. [...] | Vulnerability | ||
|
2022-06-14 14:00:06 | Microsoft patches actively exploited Follina Windows zero-day (lien direct) | Microsoft has released security updates with the June 2022 cumulative Windows Updates to address a critical Windows zero-day vulnerability known as Follina and actively exploited in ongoing attacks. [...] | Vulnerability | ||
|
2022-06-14 13:45:44 | Microsoft June 2022 Patch Tuesday fixes 1 zero-day, 55 flaws (lien direct) | Today is Microsoft's June 2022 Patch Tuesday, and with it comes fixes for 55 vulnerabilities, including fixes for the Windows MSDT 'Follina' zero-day vulnerability and new Intel MMIO flaws. [...] | Vulnerability | ||
|
2022-06-13 10:28:07 | Russian hackers start targeting Ukraine with Follina exploits (lien direct) | Ukraine's Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190. [...] | Tool Vulnerability | ||
|
2022-06-11 10:31:49 | Confluence servers hacked to deploy AvosLocker, Cerber2021 ransomware (lien direct) | Ransomware gangs are now targeting a recently patched and actively exploited remote code execution (RCE) vulnerability affecting Atlassian Confluence Server and Data Center instances for initial access to corporate networks. [...] | Ransomware Vulnerability | ||
|
2022-06-08 14:22:49 | Linux botnets now exploit critical Atlassian Confluence bug (lien direct) | Several botnets are now using exploits targeting a critical remote code execution (RCE) vulnerability to infect Linux servers running unpatched Atlassian Confluence Server and Data Center installs. [...] | Vulnerability | ||
|
2022-06-07 12:59:01 | (Déjà vu) New \'DogWalk\' Windows zero-day bug gets free unofficial patches (lien direct) | Free unofficial patches for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) have been released today through the 0patch platform. [...] | Tool Vulnerability | ||
|
2022-06-07 12:59:01 | Two-year-old Windows DIAGCAB zero-day gets unofficial patches (lien direct) | Free unofficial patches for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) have been released today through the 0patch platform. [...] | Tool Vulnerability | ||
|
2022-06-07 09:14:02 | Android June 2022 updates bring fix for critical RCE vulnerability (lien direct) | Google has released the June 2022 security updates for Android devices running OS versions 10, 11, and 12, fixing 41 vulnerabilities, five rated critical. [...] | Vulnerability | ||
|
2022-06-06 12:09:50 | Windows zero-day exploited in US local govt phishing attacks (lien direct) | European governments and US local governments were the targets of a phishing campaign using malicious Rich Text Format (RTF) documents designed to exploit a critical Windows zero-day vulnerability known as Follina. [...] | Vulnerability | ||
|
2022-06-05 12:41:19 | Exploit released for Atlassian Confluence RCE bug, patch now (lien direct) | Proof-of-concept exploits for the actively exploited critical CVE-2022-26134 vulnerability impacting Atlassian Confluence and Data Center servers have been widely released this weekend. [...] | Vulnerability | ||
|
2022-06-03 13:47:53 | Atlassian fixes Confluence zero-day widely exploited in attacks (lien direct) | Atlassian has released security updates to address a critical zero-day vulnerability in Confluence Server and Data Center actively exploited in the wild to backdoor Internet-exposed servers. [...] | Vulnerability | ||
|
2022-06-02 21:41:40 | Critical Atlassian Confluence zero-day actively used in attacks (lien direct) | Hackers are actively exploiting a new Atlassian Confluence zero-day vulnerability tracked as CVE-2022-26134 to install web shells, with no fix available at this time. [...] | Vulnerability |
To see everything:
Our RSS (filtrered)
