Pierluigi Paganini
April 03, 2024
Resecurity researchers warn that a new Version of JsOutProx is targeting financial institutions in APAC and MENA via Gitlab abuse. Resecurity has detected a new version of JSOutProx, which is targeting financial services and organizations in the APAC and MENA regions. JSOutProx is a sophisticated attack framework utilizing both JavaScript and .NET. It employs the […]
Pierluigi Paganini
April 03, 2024
Google addressed several vulnerabilities in Android and Pixel devices, including two actively exploited flaws. Google addressed 28 vulnerabilities in Android and 25 flaws in Pixel devices. Two issues fixed by the IT giant, tracked as CVE-2024-29745 and CVE-2024-29748, are actively exploited in the wild. The most critical flaw addressed by the company impacts the System […]
Pierluigi Paganini
April 03, 2024
Serious security breach hits EU police agency A batch of highly sensitive files containing the personal information of top Europol executives mysteriously disappeared last summer The website Politico reported that the Europol has suffered a serious security breach, a batch of sensitive files of top law enforcement officials, including Europol Executive Director Catherine De Bolle, […]
Pierluigi Paganini
April 02, 2024
A cross-site scripting vulnerability (XXS) in the WordPress WP-Members Membership plugin can lead to malicious script injection. Researchers from Defiant’s Wordfence research team disclosed a cross-site scripting vulnerability (XXS) in the WordPress WP-Members Membership plugin that can lead to malicious script injection. The Unauthenticated Stored Cross-Site Scripting vulnerability was reported to Wordfence by the WordPress […]
Pierluigi Paganini
April 02, 2024
Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer Andres Freund discovered a backdoor issue in the latest versions of the “xz” tools and libraries. The vulnerability was tracked as CVE-2024-3094 and received a CVSS score of 10. Red Hat urges users to immediately stop using […]
Pierluigi Paganini
March 30, 2024
The German Federal Office for Information Security (BSI) warned of thousands of Microsoft Exchange servers in the country vulnerable to critical flaws. The German Federal Office for Information Security (BSI) issued an alert about at least 17,000 Microsoft Exchange servers in the country that are vulnerable to one or more critical vulnerabilities. The BSI also added […]
Pierluigi Paganini
March 28, 2024
Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to trigger a denial-of-service (DoS) condition. Cisco this week released patches to address multiple IOS and IOS XE software vulnerabilities. An unauthenticated attacker can exploit several issues fixed by the IT giant to cause a denial-of-service (DoS) condition. Below are the […]
Pierluigi Paganini
March 28, 2024
Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. Google’s Threat Analysis Group (TAG) and its subsidiary Mandiant reported that in 2023 97 zero-day vulnerabilities were exploited in attacks, while in 2022 the actively exploited zero-day flaws were 62. In 2023, Google (TAG) and […]
Pierluigi Paganini
March 28, 2024
Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during the Pwn2Own Vancouver 2024. Google addressed several vulnerabilities in the Chrome web browser this week, including two zero-day vulnerabilities, tracked as CVE-2024-2886 and CVE-2024-2887, which were demonstrated during the Pwn2Own Vancouver 2024 hacking competition. The high-severity vulnerability CVE-2024-2886 is a […]
Pierluigi Paganini
March 27, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the 2023 Pwn2Own to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)Â added the CVE-2023-24955Â Microsoft SharePoint Server Code Injection Vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Microsoft addressed the remote code execution flaw in SharePoint Server, […]
