This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T20:18:51+00:00 www.secnews.physaphae.fr InfoSecurity Mag - InfoSecurity Magazine As the US presidential election draws near, polling company Gallup acts to block XSS vulnerability]]> 2024-09-11T15:30:00+00:00 https://www.infosecurity-magazine.com/news/gallup-security-threat/ www.secnews.physaphae.fr/article.php?IdArticle=8574676 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine September\'s Patch Tuesday fix-list features scores of CVEs including four zero-day vulnerabilities]]> 2024-09-11T08:30:00+00:00 https://www.infosecurity-magazine.com/news/microsoft-fixes-four-actively/ www.secnews.physaphae.fr/article.php?IdArticle=8574465 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Researchers have warned that a critical SonicWall vulnerability is being exploited in ransomware attacks]]> 2024-09-10T08:40:00+00:00 https://www.infosecurity-magazine.com/news/critical-sonicwall-bug-exploited/ www.secnews.physaphae.fr/article.php?IdArticle=8573749 False Ransomware,Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Cisco has urged customers to apply software updates to fix the critical vulnerabilities, which could allow attackers to collect sensitive data or administer services]]> 2024-09-05T13:00:00+00:00 https://www.infosecurity-magazine.com/news/cisco-critical-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8570480 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Forescout highlighted a 43% increase in published vulnerabilities in H1 2024, with attackers targeting flaws in VPNs and network infrastructure for initial access]]> 2024-08-30T13:00:00+00:00 https://www.infosecurity-magazine.com/news/published-vulnerabilities-surge/ www.secnews.physaphae.fr/article.php?IdArticle=8566851 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Threat actors are exploiting a vulnerability found in CCTV cameras used in critical infrastructure to spread a Mirai malware variant]]> 2024-08-29T14:00:00+00:00 https://www.infosecurity-magazine.com/news/unpatched-cctv-cameras-exploited/ www.secnews.physaphae.fr/article.php?IdArticle=8566201 False Malware,Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine ESET uncovers a South Korean cyber-espionage campaign featuring a zero-day exploit for WPS Office]]> 2024-08-28T08:50:00+00:00 https://www.infosecurity-magazine.com/news/south-korean-spies-exploit-wps/ www.secnews.physaphae.fr/article.php?IdArticle=8565267 False Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The flaw in Microsoft 365 Copilot allowed data theft using ASCII smuggling and prompt injection]]> 2024-08-27T16:15:00+00:00 https://www.infosecurity-magazine.com/news/microsoft-365-copilot-flaw-exposes/ www.secnews.physaphae.fr/article.php?IdArticle=8564784 False Vulnerability None 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The Chinese cyber espionage group was observed jailbreaking a Cisco switch appliance using a zero-day exploit]]> 2024-08-26T08:00:00+00:00 https://www.infosecurity-magazine.com/news/chinese-velvet-ant-cisco-0day/ www.secnews.physaphae.fr/article.php?IdArticle=8563952 False Malware,Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The US FAA has proposed new rules for aircraft to address cyber vulnerabilities caused by the increased interconnectivity of critical systems]]> 2024-08-22T14:30:00+00:00 https://www.infosecurity-magazine.com/news/faa-gaps-aircraft-cybersecurity/ www.secnews.physaphae.fr/article.php?IdArticle=8562013 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine SolarWinds has discovered and fixed a critical remote code execution vulnerability in Web Help Desk]]> 2024-08-15T08:35:00+00:00 https://www.infosecurity-magazine.com/news/solarwinds-upgrade-critical-rce-bug/ www.secnews.physaphae.fr/article.php?IdArticle=8558048 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine CVE-2024-38173 is a medium severity RCE flaw in Microsoft Outlook, similar to CVE-2024-30103]]> 2024-08-14T15:00:00+00:00 https://www.infosecurity-magazine.com/news/research-uncovers-new-microsoft/ www.secnews.physaphae.fr/article.php?IdArticle=8557652 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Tenable detailed two privilege escalation vulnerabilities in the Azure Health Bot Service, one of which has been rated critical]]> 2024-08-14T11:15:00+00:00 https://www.infosecurity-magazine.com/news/critical-vulnerability-microsoft/ www.secnews.physaphae.fr/article.php?IdArticle=8557543 False Vulnerability,Medical None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Microsoft\'s August Patch Tuesday saw the tech giant address nine zero-day vulnerabilities]]> 2024-08-14T08:50:00+00:00 https://www.infosecurity-magazine.com/news/microsoft-fixes-nine-zerodays/ www.secnews.physaphae.fr/article.php?IdArticle=8557491 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The CVE-2024-6768 flaw in the Windows CLFS.sys driver can lead to BSOD]]> 2024-08-12T15:30:00+00:00 https://www.infosecurity-magazine.com/news/vulnerability-windows-driver/ www.secnews.physaphae.fr/article.php?IdArticle=8556443 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine DARPA awards $14 million to seven teams competing to develop AI systems capable of identifying and patching vulnerabilities in open-source software]]> 2024-08-12T14:05:00+00:00 https://www.infosecurity-magazine.com/news/darpa-awards-14m-seven-teams-ai-1/ www.secnews.physaphae.fr/article.php?IdArticle=8556389 False Vulnerability,Patching None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine DARPA\'s AI Cyber Challenge is enlisting AI to fight software vulnerabilities, with the healthcare sector closely watching the semi-finals as a potential solution to rising cyber threats]]> 2024-08-07T13:30:00+00:00 https://www.infosecurity-magazine.com/news/darpas-ai-cyber-challenge-heats-up/ www.secnews.physaphae.fr/article.php?IdArticle=8553428 False Vulnerability,Medical None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Only 0.91% of vulnerabilities of the reported CVEs were weaponized, but represent the most severe risks]]> 2024-08-06T13:15:00+00:00 https://www.infosecurity-magazine.com/news/cves-surge-30-2024/ www.secnews.physaphae.fr/article.php?IdArticle=8552743 False Vulnerability None 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine SonicWall discovered the Apache OFBiz flaw, identifying it as a critical issue enabling unauthenticated remote code execution]]> 2024-08-05T15:30:00+00:00 https://www.infosecurity-magazine.com/news/fla-apache-ofbiz-requires-patching/ www.secnews.physaphae.fr/article.php?IdArticle=8552180 False Vulnerability,Patching None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Salt Labs also said XSS combined with OAuth can lead to severe breaches]]> 2024-07-29T13:00:00+00:00 https://www.infosecurity-magazine.com/news/hotjar-business-insider-flaw-oauth/ www.secnews.physaphae.fr/article.php?IdArticle=8546600 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine All SAP AI Core vulnerabilities were reported to SAP by Wiz and have since been fixed]]> 2024-07-18T17:00:00+00:00 https://www.infosecurity-magazine.com/news/sap-ai-core-expose-customer-data/ www.secnews.physaphae.fr/article.php?IdArticle=8539681 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine CISA has told federal agencies to patch a critical GeoServer GeoTools vulnerability under active exploitation]]> 2024-07-17T08:30:00+00:00 https://www.infosecurity-magazine.com/news/cisa-patch-critical-geoserver/ www.secnews.physaphae.fr/article.php?IdArticle=8538708 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Sysdig said CRYSTALRAY used a variety of open source security tools to scan for vulnerabilities]]> 2024-07-15T16:15:00+00:00 https://www.infosecurity-magazine.com/news/crystalray-cyber-attacks-grow/ www.secnews.physaphae.fr/article.php?IdArticle=8537644 False Tool,Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine An alert from the CISA and the FBI has urged software manufacturers to work towards the elimination of operating system (OS) command injection vulnerabilities]]> 2024-07-11T13:30:00+00:00 https://www.infosecurity-magazine.com/news/cisa-software-eliminate-command/ www.secnews.physaphae.fr/article.php?IdArticle=8535026 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine For trusted senders, the flaw is zero-click, but requires one-click interactions for untrusted ones]]> 2024-07-10T15:30:00+00:00 https://www.infosecurity-magazine.com/news/microsoft-outlook-zero-click-rce/ www.secnews.physaphae.fr/article.php?IdArticle=8534361 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Microsoft has addressed two actively exploited and two publicly disclosed zero-day bugs this month]]> 2024-07-10T08:40:00+00:00 https://www.infosecurity-magazine.com/news/microsoft-four-zerodays-july-patch/ www.secnews.physaphae.fr/article.php?IdArticle=8534113 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A joint government advisory warned that the Chinese state-sponsored actor APT40 is capable of immediately exploiting newly public vulnerabilities in widely used software]]> 2024-07-09T12:30:00+00:00 https://www.infosecurity-magazine.com/news/chinese-state-exploits/ www.secnews.physaphae.fr/article.php?IdArticle=8533475 False Vulnerability APT 40 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Cisco has told customers that 42 of its products are impacted by the OpenSSH regreSSHion vulnerability, with a further 51 products being investigated]]> 2024-07-08T14:30:00+00:00 https://www.infosecurity-magazine.com/news/cisco-regresshion-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8532851 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The vulnerabilities stem from manipulable custom classes in PanelView Plus]]> 2024-07-03T15:30:00+00:00 https://www.infosecurity-magazine.com/news/microsoft-uncovers-flaws-rockwell/ www.secnews.physaphae.fr/article.php?IdArticle=8529994 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Cisco has patched a zero-day vulnerability exploited by a Chinese APT group to compromise Nexus switches]]> 2024-07-02T08:30:00+00:00 https://www.infosecurity-magazine.com/news/cisco-patches-zeroday-bug-chinese/ www.secnews.physaphae.fr/article.php?IdArticle=8529409 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A newly discovered RCE vulnerability, which can lead to full system compromise, has put over 14 million OpenSSH server instances are potentially at risk, according to Qualys]]> 2024-07-01T13:00:00+00:00 https://www.infosecurity-magazine.com/news/openssh-flaw-system-compromise/ www.secnews.physaphae.fr/article.php?IdArticle=8529203 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A CISA analysis in collaboration with international partners concluded most critical open source projects potentially contain memory safety vulnerabilities]]> 2024-06-27T13:00:00+00:00 https://www.infosecurity-magazine.com/news/open-source-projects-memory-unsafe/ www.secnews.physaphae.fr/article.php?IdArticle=8526580 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Two authentication bypass vulnerabilities affect Progress Software\'s MOVEit Transfer SFTP service in a default configuration and MOVEit Gateway]]> 2024-06-26T16:15:00+00:00 https://www.infosecurity-magazine.com/news/progress-new-vulnerabilities-moveit/ www.secnews.physaphae.fr/article.php?IdArticle=8526101 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The framework aims to improve automated vulnerability discovery approaches]]> 2024-06-25T11:30:00+00:00 https://www.infosecurity-magazine.com/news/google-naptime-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8525278 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The group has been observed exploiting vulnerabilities through SQL injection attacks since 2022]]> 2024-06-24T16:15:00+00:00 https://www.infosecurity-magazine.com/news/modular-malware-boolkas-bmanager/ www.secnews.physaphae.fr/article.php?IdArticle=8524765 False Malware,Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A cryptocurrency exchange claims to have been extorted after \'researchers\' exploited a vulnerability to steal millions]]> 2024-06-20T09:15:00+00:00 https://www.infosecurity-magazine.com/news/crypto-firm-kraken-cops/ www.secnews.physaphae.fr/article.php?IdArticle=8521762 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine VMware has disclosed critical vulnerabilities impacting its VMware vSphere and VMware Cloud Foundation products, with patches available for customers]]> 2024-06-18T13:00:00+00:00 https://www.infosecurity-magazine.com/news/vmware-critical-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8520436 False Vulnerability,Cloud None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A series of vulnerabilities could enable an attacker to bypass the Chinese manufacturer\'s biometric access systems]]> 2024-06-13T11:30:00+00:00 https://www.infosecurity-magazine.com/news/kaspersky-flaws-chinese-biometric/ www.secnews.physaphae.fr/article.php?IdArticle=8517213 False Vulnerability None 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine In a new report, WithSecure found that higher severity vulnerabilities in edge services and infrastructure devices are rising fast]]> 2024-06-12T15:30:00+00:00 https://www.infosecurity-magazine.com/news/withsecure-exploitation-edge/ www.secnews.physaphae.fr/article.php?IdArticle=8517217 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine June Patch Tuesday sees Microsoft fix over 50 bugs, including one already publicly disclosed]]> 2024-06-12T09:15:00+00:00 https://www.infosecurity-magazine.com/news/microsoft-patches-critica-zeroday/ www.secnews.physaphae.fr/article.php?IdArticle=8517221 False Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A new Forescout report found that IoT devices containing vulnerabilities surged 136% compared to a year ago, becoming a key focus for attackers]]> 2024-06-10T13:00:00+00:00 https://www.infosecurity-magazine.com/news/iot-vulnerabilities-entry-point/ www.secnews.physaphae.fr/article.php?IdArticle=8516273 False Vulnerability,Industrial None 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Mingard provides a continuous AI red teaming and vulnerability remediation platform]]> 2024-06-06T15:30:00+00:00 https://www.infosecurity-magazine.com/news/infosec-ai-red-teaming-mindgard/ www.secnews.physaphae.fr/article.php?IdArticle=8514174 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine These attacks did not exploit a vulnerability but instead leveraged weaker authentication methods]]> 2024-05-28T16:15:00+00:00 https://www.infosecurity-magazine.com/news/check-point-urges-vpn-configuration/ www.secnews.physaphae.fr/article.php?IdArticle=8508667 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Slider Revolution is a widely used premium Wordpress plugin with over 9 million active users]]> 2024-05-28T15:30:00+00:00 https://www.infosecurity-magazine.com/news/xss-flaws-wordpress-plugin-slider/ www.secnews.physaphae.fr/article.php?IdArticle=8508634 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Over half of CISA\'s known exploited vulnerabilities disclosed since February 2024 have not yet been analyzed by NIST\'s National Vulnerability Database]]> 2024-05-23T13:00:00+00:00 https://www.infosecurity-magazine.com/news/nvd-exploited-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8505434 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The plugin is used by over 20,000 sites and enables users to create customizable community websites]]> 2024-05-22T15:30:00+00:00 https://www.infosecurity-magazine.com/news/userpro-plugin-flaw-allows-account/ www.secnews.physaphae.fr/article.php?IdArticle=8504842 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The US government UPGRADE program aims to automate vulnerability management in hospital environments, ensuring minimum disruption to services]]> 2024-05-22T10:00:00+00:00 https://www.infosecurity-magazine.com/news/us-program-hospitals-patch/ www.secnews.physaphae.fr/article.php?IdArticle=8504636 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Rapid7 found there were more mass compromise events arose from zero-day vulnerabilities than from n-day vulnerabilities in 2023]]> 2024-05-21T11:30:00+00:00 https://www.infosecurity-magazine.com/news/network-security-flaws-exploited/ www.secnews.physaphae.fr/article.php?IdArticle=8504001 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine UK organizations are less likely than their European peers to have known exploited bugs but take longer to fix them]]> 2024-05-16T09:15:00+00:00 https://www.infosecurity-magazine.com/news/uk-lags-europe-exploited/ www.secnews.physaphae.fr/article.php?IdArticle=8500834 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Several software security experts have told Infosecurity that no new vulnerabilities have been added to the US National Vulnerability Database (NVD) since May 9]]> 2024-05-14T14:50:00+00:00 https://www.infosecurity-magazine.com/news/nist-cve-stop-questioned/ www.secnews.physaphae.fr/article.php?IdArticle=8499637 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Palo Alto Networks warns threat actors are using DNS tunneling techniques to probe for network vulnerabilities]]> 2024-05-14T09:15:00+00:00 https://www.infosecurity-magazine.com/news/dns-tunneling-scan-track-victims/ www.secnews.physaphae.fr/article.php?IdArticle=8499448 False Vulnerability,Threat None 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The flaws include CVE-2023-47610, a security weaknesses within the modem\'s SUPL message handlers]]> 2024-05-13T16:00:00+00:00 https://www.infosecurity-magazine.com/news/critical-vulnerabilities-cinterion/ www.secnews.physaphae.fr/article.php?IdArticle=8498986 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine CISA launched a new software vulnerability enrichment program to fill the gap left by NIST\'s National Vulnerability Database backlog]]> 2024-05-08T18:00:00+00:00 https://www.infosecurity-magazine.com/news/cisa-launches-vulnrichment-program/ www.secnews.physaphae.fr/article.php?IdArticle=8496049 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A new report by Cato Networks found that exploiting old vulnerabilities in unpatched systems is one of threat actors\' favorite initial access vectors]]> 2024-05-07T16:22:00+00:00 https://www.infosecurity-magazine.com/news/log4j-top-exploited-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8495353 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The growth of software supply chain attacks pushed vulnerability exploits to the third most used initial access method, Verizon found]]> 2024-05-01T11:00:00+00:00 https://www.infosecurity-magazine.com/news/dbir-vulnerability-exploits-triple/ www.secnews.physaphae.fr/article.php?IdArticle=8491764 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Tanto Security uncovered three vulnerabilities which could allow attackers to execute sandbox escapes and gain root permissions on host machines]]> 2024-04-29T15:30:00+00:00 https://www.infosecurity-magazine.com/news/judge0-sandbox-flaws-systems/ www.secnews.physaphae.fr/article.php?IdArticle=8490731 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine CISA\'s RVWP program sent 1754 ransomware vulnerability notifications to government and critical infrastructure entities in 2023, leading to 852 devices being secured]]> 2024-04-26T14:00:00+00:00 https://www.infosecurity-magazine.com/news/vulnerable-devices-secured-cisa/ www.secnews.physaphae.fr/article.php?IdArticle=8489083 False Ransomware,Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine An advisory from Cisco Talos has highlighted a sophisticated cyber-espionage campaign targeting government networks globally]]> 2024-04-25T13:00:00+00:00 https://www.infosecurity-magazine.com/news/stateespionage-campaign-cisco/ www.secnews.physaphae.fr/article.php?IdArticle=8488550 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Mandiant\'s latest M-Trends report found that vulnerability exploitation was the most common initial infection vector in 2023, making up 38% of intrusions]]> 2024-04-23T12:01:00+00:00 https://www.infosecurity-magazine.com/news/vulnerability-exploitation-rise/ www.secnews.physaphae.fr/article.php?IdArticle=8487359 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine This occurs when a private package fetches a similar public one, leading to exploit due to misconfigurations in package managers]]> 2024-04-22T13:30:00+00:00 https://www.infosecurity-magazine.com/news/dependency-confusion-flaw-found/ www.secnews.physaphae.fr/article.php?IdArticle=8486835 False Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine CrushFTP is urging customers to download v11 of its file transfer platform, with attackers actively exploiting a vulnerability that allows them to download system files]]> 2024-04-22T11:00:00+00:00 https://www.infosecurity-magazine.com/news/crushftp-file-transfer/ www.secnews.physaphae.fr/article.php?IdArticle=8486753 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Ivanti has fixed two critical vulnerabilities in its Avalanche MDM product which could lead to remote code execution]]> 2024-04-17T09:15:00+00:00 https://www.infosecurity-magazine.com/news/ivanti-patches-two-critical/ www.secnews.physaphae.fr/article.php?IdArticle=8484021 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Orca Security said the issue mirrors a previously identified vulnerability in Azure CLI]]> 2024-04-16T13:15:00+00:00 https://www.infosecurity-magazine.com/news/leakycli-exposes-aws-google-cloud/ www.secnews.physaphae.fr/article.php?IdArticle=8483465 False Vulnerability,Cloud None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine An open letter signed by 50 cybersecurity practitioners requires the US Congress to support NIST in restoring operations at the National Vulnerability Database]]> 2024-04-16T12:45:00+00:00 https://www.infosecurity-magazine.com/news/open-letter-nist-restore-nvd/ www.secnews.physaphae.fr/article.php?IdArticle=8483431 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Designated CVE-2024-3400 and with a CVSS score of 10.0, the flaw enables unauthorized actors to execute arbitrary code on affected firewalls]]> 2024-04-15T14:30:00+00:00 https://www.infosecurity-magazine.com/news/palo-alto-networks-zero-day-flaw/ www.secnews.physaphae.fr/article.php?IdArticle=8482784 False Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A fix for CVE-2024-3400 is scheduled on April 4, Palo Alto Networks announced]]> 2024-04-12T11:15:00+00:00 https://www.infosecurity-magazine.com/news/palo-alto-critical-zero-day/ www.secnews.physaphae.fr/article.php?IdArticle=8480679 False Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The issues identified permit unauthorized access to the TV\'s root system by bypassing authorization mechanisms]]> 2024-04-10T15:30:00+00:00 https://www.infosecurity-magazine.com/news/lg-tv-vulnerabilities-expose-91000/ www.secnews.physaphae.fr/article.php?IdArticle=8479409 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A flaw in the Rust standard library exposes Windows systems to command injection attacks]]> 2024-04-10T12:00:00+00:00 https://www.infosecurity-magazine.com/news/windows-batbadbut-rust/ www.secnews.physaphae.fr/article.php?IdArticle=8479278 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Palo Alto Networks observed growing malware-initiated vulnerability scanning activity]]> 2024-04-09T16:15:00+00:00 https://www.infosecurity-magazine.com/news/malware-hunt-software/ www.secnews.physaphae.fr/article.php?IdArticle=8478804 False Malware,Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Threat actors are targeting a high severity vulnerability in close to 100,000 legacy D-Link devices]]> 2024-04-09T09:05:00+00:00 https://www.infosecurity-magazine.com/news/over-90000-dlink-nas-devices-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8478565 False Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Mandiant research details how Chinese espionage groups are deploying new tools post-exploitation of recently patched Ivanti vulnerabilities]]> 2024-04-05T14:00:00+00:00 https://www.infosecurity-magazine.com/news/chinese-threat-ttps-ivanti/ www.secnews.physaphae.fr/article.php?IdArticle=8476514 False Tool,Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine After weeks of speculation, NIST has finally confirmed its intention to establish an industry consortium to develop the NVD in the future]]> 2024-03-28T13:55:00+00:00 https://www.infosecurity-magazine.com/news/nist-unveils-new-nvd-consortium/ www.secnews.physaphae.fr/article.php?IdArticle=8472040 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Google detected nearly 100 zero-day vulnerabilities exploited in the wild in 2023]]> 2024-03-27T13:01:00+00:00 https://www.infosecurity-magazine.com/news/zeroday-surged-50-annually-google/ www.secnews.physaphae.fr/article.php?IdArticle=8471362 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The Synacktiv team won its second Tesla car for finding one of 19 zero-day bugs on the first day of Pwn2Own Vancouver]]> 2024-03-21T09:30:00+00:00 https://www.infosecurity-magazine.com/news/security-researchers-win-second/ www.secnews.physaphae.fr/article.php?IdArticle=8467806 False Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Seven years into its ethical hacking program, the Pentagon received its 50,000th vulnerability report on March 15]]> 2024-03-18T15:00:00+00:00 https://www.infosecurity-magazine.com/news/50000-vulnerabilities-discovered/ www.secnews.physaphae.fr/article.php?IdArticle=8466104 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The flaws, identified by KTrust, enable attackers to bypass rate limits and brute force protection mechanisms]]> 2024-03-18T14:00:00+00:00 https://www.infosecurity-magazine.com/news/three-vulnerabilities-uncovered/ www.secnews.physaphae.fr/article.php?IdArticle=8466064 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Vulnerability data has stopped being added to the most widely used software vulnerability database for over a month, putting organizations at risk – and nobody knows why]]> 2024-03-15T16:46:00+00:00 https://www.infosecurity-magazine.com/news/nist-vulnerability-database/ www.secnews.physaphae.fr/article.php?IdArticle=8464445 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Fortinet has released security updates to fix several critical vulnerabilities in its products]]> 2024-03-14T10:15:00+00:00 https://www.infosecurity-magazine.com/news/fortinet-patches-critical-bug/ www.secnews.physaphae.fr/article.php?IdArticle=8463711 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine No zero-day vulnerabilities to fix in this month\'s Microsoft Patch Tuesday]]> 2024-03-13T10:15:00+00:00 https://www.infosecurity-magazine.com/news/rce-bug-60-cves-patch-tuesday/ www.secnews.physaphae.fr/article.php?IdArticle=8463119 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Kaspersky said access control weaknesses and failures in data protection accounted for 70% of all flaws]]> 2024-03-12T17:45:00+00:00 https://www.infosecurity-magazine.com/news/top-vulnerabilities-corporate-web/ www.secnews.physaphae.fr/article.php?IdArticle=8462761 False Vulnerability,Studies None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The threat actor uses custom Linux malware to pursue financial gain, according to Check Point Research]]> 2024-03-11T17:00:00+00:00 https://www.infosecurity-magazine.com/news/magnet-goblin-exploits-ivanti-flaws/ www.secnews.physaphae.fr/article.php?IdArticle=8462213 False Malware,Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine GuidePoint said the threat actor gained initial access via vulnerabilities in a TeamCity server]]> 2024-03-11T16:15:00+00:00 https://www.infosecurity-magazine.com/news/bianlian-shifts-focus-extortion/ www.secnews.physaphae.fr/article.php?IdArticle=8462214 False Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Security experts warn of mass exploitation of critical TeamCity vulnerability]]> 2024-03-07T09:30:00+00:00 https://www.infosecurity-magazine.com/news/hundreds-rogue-users-unpatched/ www.secnews.physaphae.fr/article.php?IdArticle=8460241 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Cado said the payloads facilitated RCE attacks by leveraging common misconfigurations and known vulnerabilities]]> 2024-03-06T16:15:00+00:00 https://www.infosecurity-magazine.com/news/linux-malware-targets-docker/ www.secnews.physaphae.fr/article.php?IdArticle=8459916 False Malware,Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine JetBrains says on-premises TeamCity servers must be upgraded to mitigate two new bugs]]> 2024-03-05T09:30:00+00:00 https://www.infosecurity-magazine.com/news/teamcity-urged-patch-critical/ www.secnews.physaphae.fr/article.php?IdArticle=8459223 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Proofpoint warned the method could be used for data gathering and further malicious activities]]> 2024-03-04T16:30:00+00:00 https://www.infosecurity-magazine.com/news/ta577-exploits-ntlm-authentication/ www.secnews.physaphae.fr/article.php?IdArticle=8458910 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Government agencies from the Five Eyes coalition said that Ivanti\'s own tools are not sufficient to detect compromise]]> 2024-03-01T12:00:00+00:00 https://www.infosecurity-magazine.com/news/five-eyes-warn-ivanti/ www.secnews.physaphae.fr/article.php?IdArticle=8457481 False Tool,Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Group-IB research warns of rising use of zero-day threats in targeted attacks]]> 2024-02-28T09:45:00+00:00 https://www.infosecurity-magazine.com/news/ads-zeroday-exploit-sales-surge-70/ www.secnews.physaphae.fr/article.php?IdArticle=8456339 False Vulnerability,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine A new White House report has urged software and hardware developers to adopt memory safe programming languages, and eliminate one of the most pervasive classes of bugs]]> 2024-02-26T17:45:00+00:00 https://www.infosecurity-magazine.com/news/white-house-tech-memory/ www.secnews.physaphae.fr/article.php?IdArticle=8455489 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Researchers warn of a “ransomware free-for-all” after ScreenConnect vulnerability is exploited]]> 2024-02-22T09:45:00+00:00 https://www.infosecurity-magazine.com/news/ransomware-cvss-100-screenconnect/ www.secnews.physaphae.fr/article.php?IdArticle=8453595 False Ransomware,Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine After discovering a new vulnerability impacting its Connect Secure, Policy Secure, and ZTA gateways, Ivanti is under fire for poor security practices]]> 2024-02-16T15:45:00+00:00 https://www.infosecurity-magazine.com/news/new-ivanti-vulnerability-security/ www.secnews.physaphae.fr/article.php?IdArticle=8450982 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine CVE-2024-21412 was used to evade Microsoft Defender SmartScreen and implant victims with DarkMe]]> 2024-02-14T17:15:00+00:00 https://www.infosecurity-magazine.com/news/water-hydras-zero-day-financial/ www.secnews.physaphae.fr/article.php?IdArticle=8450088 False Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Two zero-day bugs actively exploited in the wild now have official Microsoft patches]]> 2024-02-14T10:30:00+00:00 https://www.infosecurity-magazine.com/news/microsoft-two-zerodays-february/ www.secnews.physaphae.fr/article.php?IdArticle=8449940 False Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The flaw allows the installation of malware that operates at the firmware level]]> 2024-02-08T16:30:00+00:00 https://www.infosecurity-magazine.com/news/linux-devs-patch-critical-shim/ www.secnews.physaphae.fr/article.php?IdArticle=8448082 False Malware,Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Nozomi Networks reveals increasingly sophisticated attacks targeting bugs and other vectors in IoT and OT environments]]> 2024-02-08T13:00:00+00:00 https://www.infosecurity-magazine.com/news/critical-manufacturing-surge/ www.secnews.physaphae.fr/article.php?IdArticle=8448002 False Vulnerability,Industrial None 4.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Shadowserver Foundation spots 170 distinct IP addresses trying to exploit Ivanti zero-day CVE-2024-21893]]> 2024-02-06T11:00:00+00:00 https://www.infosecurity-magazine.com/news/latest-ivanti-zero-day-exploited/ www.secnews.physaphae.fr/article.php?IdArticle=8447231 False Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Ivanti has finally released updates to fix two zero-day bugs and two new high-severity vulnerabilities]]> 2024-02-01T09:30:00+00:00 https://www.infosecurity-magazine.com/news/ivanti-zeroday-patches-two-new-bugs/ www.secnews.physaphae.fr/article.php?IdArticle=8445492 False Vulnerability,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine After analyzing the 12 Rust payloads exploiting Ivanti ConnectSecure vulnerabilities, Synacktiv found they all enabled a sophisticated post-exploitation toolkit]]> 2024-01-30T15:00:00+00:00 https://www.infosecurity-magazine.com/news/rust-payloads-ivanti-zero-days/ www.secnews.physaphae.fr/article.php?IdArticle=8444815 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Customers are urged to patch now after exploits are released for critical vulnerability in Jenkins]]> 2024-01-29T09:35:00+00:00 https://www.infosecurity-magazine.com/news/exploits-released-critical-jenkins/ www.secnews.physaphae.fr/article.php?IdArticle=8444353 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Bugcrowd\'s latest report also recorded a 30% surge in web submissions in 2023]]> 2024-01-25T16:30:00+00:00 https://www.infosecurity-magazine.com/news/government-security/ www.secnews.physaphae.fr/article.php?IdArticle=8443044 False Vulnerability None 3.0000000000000000