Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Unpatched Active Directory Flaw Can Crash Any Microsoft Server

Windows servers are vulnerable to a dangerous LDAP vulnerability that could be used to crash multiple servers at once and should be patched immediately.

DARKReading
Open in Source
#vulnerability#windows#microsoft#dos#rce#ldap#auth
New episode “In The Trend of VM” (#10): 8 trending vulnerabilities of November, zero budget VM and who should look for patches

New episode “In The Trend of VM” (#10): 8 trending vulnerabilities of November, zero budget VM and who should look for patches. The competition for the best question on the topic of VM continues. 😉🎁 📹 Video on YouTube, LinkedIn🗞 Post on Habr (rus)🗒 Digest on the PT website Content: 🔻 00:29 Spoofing – Windows […]

Fake 7-Zip Exploit Code Traced to AI-Generated Misinterpretation

A recent claim that a critical zero-day vulnerability existed in the popular open-source file archiver 7-Zip has been met with skepticism from the software's creator and other security researchers.

What Security Lessons Did We Learn in 2024?

Proactive defenses, cross-sector collaboration, and resilience are key to combating increasingly sophisticated threats.

Secure Gaming During the Holidays

Secure Gaming during holidays is essential as cyberattacks rise by 50%. Protect accounts with 2FA, avoid fake promotions,…

2024 in AI: It’s changed the world, but it’s not all good

An overview of incidents and news surrounding Artificial Intelligence in 2024.

Emerging Threats & Vulnerabilities to Prepare for in 2025

From zero-day exploits to 5G network vulnerabilities, these are the threats that are expected to persist over the next 12 months.

Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data

Fortinet discovers two malicious Python packages, Zebo-0.1.0 and Cometlogger-0.1, designed to steal data, capture keystrokes, and gain system control. Learn about their malicious behavior and how to protect yourself

Neuro Nostalgia Hackathon 2024: A Retro Journey with Modern Twists

Relive the 90s web era! The Neuro Nostalgia Hackathon challenged teams to transform modern sites into retro masterpieces…

GHSA-vm62-9jw3-c8w3: Gogs has an argument Injection in the built-in SSH server

### Impact When the built-in SSH server is enabled (`[server] START_SSH_SERVER = true`), unprivileged user accounts with at least one SSH key can execute arbitrary commands on the Gogs instance with the privileges of the user specified by `RUN_USER` in the configuration. It allows attackers to access and alter any users' code hosted on the same instance. ### Patches The `env` command sent to the internal SSH server has been changed to be a passthrough (https://github.com/gogs/gogs/pull/7868), i.e. the feature is effectively removed. Users should upgrade to 0.13.1 or the latest 0.14.0+dev. ### Workarounds [Disable the use of built-in SSH server](https://github.com/gogs/gogs/blob/7adac94f1e93cc5c3545ea31688662dcef9cd737/conf/app.ini#L76-L77) on operating systems other than Windows. ### References https://www.cve.org/CVERecord?id=CVE-2024-39930