Breaking News Archives - Page 325 of 1506

Pierluigi Paganini January 20, 2023

PayPal notifies 34942 users of data breach over credential stuffing attack

PayPal is sending out data breach notifications to thousands of users because their accounts were compromised through credential stuffing attacks. PayPal announced that 34942 customers’ accounts have been compromised between December 6 and December 8. The company added that the unauthorized accessed were the result of credential stuffing attacks and that its systems were not […]

Pierluigi Paganini January 20, 2023

Chinese hackers used recently patched FortiOS SSL-VPN flaw as a zero-day in October

An alleged Chinese threat actor was observed exploiting the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN. Researchers from Mandiant reported that suspected Chinese threat actors exploited the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN as a zero-day. According to the security firm, the vulnerability was exploited in attacks against a series of targets, including a […]

Pierluigi Paganini January 20, 2023

Cisco fixes SQL Injection flaw in Unified CM

A high-severity flaw (CVE-2023-20010) was found in Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition. Cisco fixed a high-severity SQL injection flaw, tracked as CVE-2023-20010 (CVSS score of 8.1), in Unified Communications Manager and Unified Communications Manager Session Management Edition. Unified Communications Manager solutions provide reliable, secure, scalable, and manageable call control […]

Pierluigi Paganini January 19, 2023

Experts released PoC exploit for critical Zoho ManageEngine RCE flaw

Researchers released Proof-of-concept exploit code for remote code execution flaw CVE-2022-47966 impacting multiple Zoho ManageEngine products. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The issue also impacts products that had the feature enabled in the past. The root cause of […]

Pierluigi Paganini January 19, 2023

Critical Microsoft Azure RCE flaw impacted multiple services

Researchers found a new critical remote code execution (RCE) flaw impacting multiple services related to Microsoft Azure. Researchers from Ermetic found a remote code execution flaw, dubbed EmojiDeploy, that impacts Microsoft Azure services and other cloud services including Function Apps, App Service and Logic Apps. The issue is achieved through CSRF (Cross-site request forgery) on the ubiquitous […]

Pierluigi Paganini January 19, 2023

Mailchimp discloses a new security breach, the second one in 6 months

Popular email marketing and newsletter platform Mailchimp was hacked and the data of dozens of customers were exposed. The popular email marketing and newsletter platform Mailchimp was hacked twice in the past six months. The news of a new security breach was confirmed by the company, the incident exposed the data of 133 customers. Threat […]

Pierluigi Paganini January 19, 2023

US CISA adds Centos Web Panel RCE CVE-2022-44877 to its Known Exploited Vulnerabilities Catalog

US CISA added the vulnerability CVE-2022-44877 in CentOS Control Web Panel utility to its Known Exploited Vulnerabilities Catalog. The US CISA added the Centos Web Panel 7 unauthenticated remote code execution flaw (CVE-2022-44877) to its Known Exploited Vulnerabilities Catalog. The flaw impacts the software before 0.9.8.1147, it was addressed with the release of 0.9.8.1147 version on October 25, […]

Pierluigi Paganini January 18, 2023

Two critical flaws discovered in Git source code version control system

The maintainers of the Git source code version control system urge to update the software to fix two critical vulnerabilities. The maintainers of the Git source code version control system announced to have fixed a couple of critical vulnerabilities, tracked as CVE-2022-23521 and CVE-2022-41903, in their software. The flaws were discovered as part of a security source code audit of the source […]

Pierluigi Paganini January 18, 2023

A couple of bugs can be chained to hack Netcomm routers

A couple of critical vulnerabilities have been discovered in Netcomm rourers, experts warn of their potential exploitation in the wild. The vulnerabilities discovered in the Netcomm routers are a a stack based buffer overflow and an authentication bypass, respectively tracked as CVE-2022-4873 and CVE-2022-4874. Both issues impact the Netcomm router models NF20MESH, NF20, and NL1902 running software versions […]

Pierluigi Paganini January 18, 2023

Myrocket HR platform’s data leak turns into privacy nightmare for employees

HR management platform myrocket.co has exposed the personal information of hundreds of thousands of employees and millions of job candidates. Original post at CyberNews On December 12, 2022, the Cybernews research team discovered a publicly accessible database with 260GB of sensitive personal data belonging to myrocket.co, offering ‘end-to-end’ recruitment solutions and HR services for companies […]

Breaking News

PayPal notifies 34942 users of data breach over credential stuffing attack

Chinese hackers used recently patched FortiOS SSL-VPN flaw as a zero-day in October

Cisco fixes SQL Injection flaw in Unified CM

Experts released PoC exploit for critical Zoho ManageEngine RCE flaw

Critical Microsoft Azure RCE flaw impacted multiple services

Mailchimp discloses a new security breach, the second one in 6 months

US CISA adds Centos Web Panel RCE CVE-2022-44877 to its Known Exploited Vulnerabilities Catalog

Two critical flaws discovered in Git source code version control system

A couple of bugs can be chained to hack Netcomm routers

Myrocket HR platform’s data leak turns into privacy nightmare for employees

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Global Louis Vuitton data breach impacts UK, South Korea, and Turkey

Experts uncover critical flaws in Kigen eSIM technology affecting billions

Spain awarded €12.3 million in contracts to Huawei

Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb

Wing FTP Server flaw actively exploited shortly after technical details were made public

QUICK LINKS

Breaking News

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!