Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

The Shifting Landscape of Open Source Security

By focusing on vigilant security practices, responsible AI deployment, and alignment with global regulatory standards, the OSS community can make 2025 a transformative year for security.

DARKReading
Open in Source
#vulnerability#red_hat#git#backdoor#auth
Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners

A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it's currently responding to "multiple incidents" involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum severity bug that could result in

About Elevation of Privilege – Windows Kernel Streaming WOW Thunk Service Driver (CVE-2024-38144) vulnerability

About Elevation of Privilege – Windows Kernel Streaming WOW Thunk Service Driver (CVE-2024-38144) vulnerability. The vulnerability is from the August Microsoft Patch Tuesday. It wasn’t highlighted in reviews; all we knew was that a local attacker could gain SYSTEM privileges. Three and a half months later, on November 27, SSD Secure Disclosure released a write-up […]

Fake PoC Exploit Targets Cybersecurity Researchers with Malware

A fake proof-of-concept (PoC) exploit designed to lure cybersecurity researchers into downloading malicious software. This deceptive tactic leverages a recently patched critical vulnerability in Microsoft's Windows LDAP service (CVE-2024-49113), which can cause denial-of-service attacks.

About Authentication Bypass – Hunk Companion WordPress plugin (CVE-2024-11972) vulnerability

About Authentication Bypass – Hunk Companion WordPress plugin (CVE-2024-11972) vulnerability. ThemeHunk company develops commercial themes for WordPress CMS. And the Hunk Companion plugin is designed to complement and enhance the functionality of these themes. The plugin has over 10,000 installations. On December 10, WPScan reported a vulnerability in Hunk Companion plugin versions below 1.9.0, allowing […]

Threat Actors Exploit a Critical Ivanti RCE Bug, Again

New year, same story. Despite Ivanti's commitment to secure-by-design principles, threat actors — possibly the same ones as before — are exploiting its edge devices for the nth time.

GHSA-j4v9-cm37-h7c2: Microweber Cross-site Scripting vulnerability

Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name (Internal Name) field in the Add new campaign function

GHSA-w5g5-4jj3-8f6v: Microweber Cross-site Scripting vulnerability

Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=admin__backup

GHSA-97h9-p9f8-4p3r: Microweber Cross-site Scripting vulnerability

Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint /admin/module/view?type=users

Ivanti Urges Patch for Flaws in Connect Secure, Policy Secure and ZTA Gateways

Ivanti has issued a critical security advisory addressing two vulnerabilities in its Connect Secure, Policy Secure, and ZTA Gateway products.