Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

September episode of “In The Trend of VM”: 7 CVEs, fake reCAPTCHA, lebanese pagers, VM and IT annual bonuses

September episode of “In The Trend of VM”: 7 CVEs, fake reCAPTCHA, lebanese pagers, VM and IT annual bonuses. Starting this month, we decided to slightly expand the topics of the videos and increase their duration. I cover not only the trending vulnerabilities of September, but also social engineering cases, real-world vulnerability exploitation, and practices […]

Alexander V. Leonov
Open in Source
#sql#xss#vulnerability#web#windows#wordpress#rce#vmware#blog
Ubuntu Security Notice USN-7077-1

Ubuntu Security Notice 7077-1 - Enrique Nissim and Krzysztof Okupski discovered that some AMD processors did not properly restrict access to the System Management Mode configuration when the SMM Lock was enabled. A privileged local attacker could possibly use this issue to further escalate their privileges and execute arbitrary code within the processor's firmware layer.

Rittal IoT Interface / CMC III Processing Unit Signature Verification / Session ID

Rittal IoT Interface and CMC III Processing Unit versions prior to 6.21.00.2 suffer from improper signature verification and predictable session identifier vulnerabilities.

Paxton Net2 API License Bypass

Paxton Net2 versions prior to 6.07.14023.5015 (SR4) suffers from a bypass vulnerability that allows for unauthorized enabling of the API.

Helper 0.1

Helper is an enumerator written in PHP that helps identify directories on webservers that could be targets for things like cross site scripting, local file inclusion, remote shell upload, and remote SQL injection vulnerabilities.

GHSA-7pp4-388x-2xqj: SQL injection in funadmin

Funadmin 5.0.2 is vulnerable to SQL Injection via the selectFields parameter in the index method of \app\backend\controller\auth\Auth.php.

Guide:  The Ultimate Pentest Checklist for Full-Stack Security

Pentest Checklists Are More Important Than Ever Given the expanding attack surface coupled with the increasing sophistication of attacker tactics and techniques, penetration testing checklists have become essential for ensuring thorough assessments across an organization’s attack surface, both internal and external. By providing a structured approach, these checklists help testers systematically

THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 - Oct 20)

Hi there! Here’s your quick update on the latest in cybersecurity. Hackers are using new tricks to break into systems we thought were secure—like finding hidden doors in locked houses. But the good news? Security experts are fighting back with smarter tools to keep data safe. Some big companies were hit with attacks, while others fixed their vulnerabilities just in time. It's a constant battle.

A Trump Win Could Unleash Dangerous AI

Donald Trump's opposition to “woke” safety standards for artificial intelligence would likely mean the dismantling of regulations that protect Americans from misinformation, discrimination, and worse.

A week in security (October 14 – October 20)

A list of topics we covered in the week of October 14 to October 20 of 2024