Vulnerabilities

CloudFlare CDNJS Bug Could Have Led to Widespread Supply-Chain Attacks

CloudFlare CDNJS Bug Could Have Led to Widespread Supply-Chain Attacks 728 380 Abdul Haq

Web infrastructure and website security company Cloudflare last month fixed a critical vulnerability in its CDNJS library that’s used by 12.7% of all websites on the internet. CDNJS is a free and…

read more

Malicious NPM Package Caught Stealing Users’ Saved Passwords From Browsers

Malicious NPM Package Caught Stealing Users’ Saved Passwords From Browsers 728 380 Abdul Haq

A software package available from the official NPM repository has been revealed to be actually a front for a tool that’s designed to steal saved passwords from the Chrome web…

read more

Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws

Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws 728 380 Abdul Haq

Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control…

read more

Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices

Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices 728 380 Abdul Haq

Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability…

read more

Apple Issues Urgent Patches for 2 Zero-Day Flaws Exploited in the Wild

Apple Issues Urgent Patches for 2 Zero-Day Flaws Exploited in the Wild 728 380 Abdul Haq

Apple on Monday shipped out-of-band security patches to address two zero-day vulnerabilities in iOS 12.5.3 that it says are being actively exploited in the wild. The latest update, iOS 12.5.4, comes…

read more

Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine

Unpatched Virtual Machine Takeover Bug Affects Google Compute Engine 728 380 Abdul Haq

An unpatched security vulnerability affecting Google’s Compute Engine platform could be abused by an attacker to take over virtual machines over the network. “This is done by impersonating the metadata…

read more

Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability

Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability 728 380 Abdul Haq

A proof-of-concept (PoC) exploit related to a remote code execution vulnerability affecting Windows Print Spooler and patched by Microsoft earlier this month was briefly published online before being taken down.…

read more

Microsoft Discloses Critical Bugs Allowing Takeover of NETGEAR Routers

Microsoft Discloses Critical Bugs Allowing Takeover of NETGEAR Routers 728 380 Abdul Haq

Cybersecurity researchers have detailed critical security vulnerabilities affecting NETGEAR DGN2200v1 series routers, which they say could be reliably abused as a jumping-off point to compromise a network’s security and gain…

read more

Patch Tor Browser Bug to Prevent Tracking of Your Online Activities

Patch Tor Browser Bug to Prevent Tracking of Your Online Activities 728 380 Abdul Haq

Open-source Tor browser has been updated to version 10.0.18 with fixes for multiple issues, including a privacy-defeating bug that could be used to uniquely fingerprint users across different browsers based…

read more

Critical Auth Bypass Bug Affects VMware Carbon Black App Control

Critical Auth Bypass Bug Affects VMware Carbon Black App Control 728 380 Abdul Haq

VMware has rolled out security updates to resolve a critical flaw affecting Carbon Black App Control that could be exploited to bypass authentication and take control of vulnerable systems. The…

read more
  • 1
  • 2