-
Adobe fixes Acrobat Reader zero-day with public PoC exploit
A cybersecurity researcher is urging users to upgrade Adobe Acrobat Reader after a fix was released yesterday for a remote code execution zero-day with a public in-the-wild proof-of-concept exploit.
- September 11, 2024
- 01:42 PM
3
-
Critical Progress WhatsUp RCE flaw now under active exploitation
Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks.
- August 07, 2024
- 11:34 AM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released
The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application database.
- June 26, 2024
- 12:56 PM
- 0
-
Exploit for Veeam Recovery Orchestrator auth bypass available, patch now
A proof-of-concept (PoC) exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, elevating the risk of being exploited in attacks.
- June 13, 2024
- 01:21 PM
- 0
-
Exploit for critical Veeam auth bypass available, patch now
A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates.
- June 10, 2024
- 11:05 AM
- 0
-
Exploit for critical Progress Telerik auth bypass released, patch now
Researchers have published a proof-of-concept (PoC) exploit script demonstrating a chained remote code execution (RCE) vulnerability on Progress Telerik Report Servers.
- June 03, 2024
- 01:58 PM
- 0
-
Exploit released for maximum severity Fortinet RCE bug, patch now
Security researchers have released a proof-of-concept (PoC) exploit for a maximum-severity vulnerability in Fortinet's security information and event management (SIEM) solution, which was patched in February.
- May 28, 2024
- 12:16 PM
- 0
-
QNAP QTS zero-day in Share feature gets public RCE exploit
An extensive security audit of QNAP QTS, the operating system for the company's NAS products, has uncovered fifteen vulnerabilities of varying severity, with eleven remaining unfixed.
- May 20, 2024
- 10:57 AM
- 0
-
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.
- May 14, 2024
- 06:10 PM
- 0
-
Exploit released for Palo Alto PAN-OS bug used in attacks, patch now
Exploit code is now available for a maximum severity and actively exploited vulnerability in Palo Alto Networks' PAN-OS firewall software.
- April 16, 2024
- 02:36 PM
- 0
-
Exploit released for Fortinet RCE bug used in attacks, patch now
Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.
- March 21, 2024
- 11:17 AM
- 0
-
ScreenConnect critical bug now under attack as exploit code emerges
Both technical details and proof-of-concept exploits are available for the two vulnerabilities ConnectWise disclosed earlier this week for ScreenConnect, its remote desktop and access software.
- February 21, 2024
- 12:18 PM
- 1
-
Exploit released for Android local elevation flaw impacting 7 OEMs
A proof-of-concept (PoC) exploit for a local privilege elevation flaw impacting at least seven Android original equipment manufacturers (OEMs) is now publicly available on GitHub. However, as the exploit requires local access, its release will mostly be helpful to researchers.
- January 31, 2024
- 02:15 PM
- 2
-
Exploits released for critical Jenkins RCE flaw, patch now
Multiple proof-of-concept (PoC) exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to read arbitrary files have been made publicly available, with some researchers reporting attackers actively exploiting the flaws in attacks.
- January 28, 2024
- 10:17 AM
- 0
-
Exploit released for Fortra GoAnywhere MFT auth bypass bug
Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT (Managed File Transfer) software that allows attackers to create new admin users on unpatched instances via the administration portal.
- January 23, 2024
- 06:16 PM
- 0
-
Hackers are exploiting critical Apache Struts flaw using public PoC
Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code.
- December 13, 2023
- 11:19 AM
- 1
-
Exploit for CrushFTP RCE chain released, patch now
A proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated attackers to access files on the server, execute code, and obtain plain-text passwords.
- November 18, 2023
- 10:06 AM
- 0
-
Citrix Bleed exploit lets hackers hijack NetScaler accounts
A proof-of-concept (PoC) exploit is released for the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, that allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances.
- October 25, 2023
- 11:26 AM
- 0
-
VMware warns admins of public exploit for vRealize RCE flaw
VMware warned customers on Monday that proof-of-concept (PoC) exploit code is now available for an authentication bypass flaw in vRealize Log Insight (now known as VMware Aria Operations for Logs).
- October 24, 2023
- 10:53 AM
- 0
-
Exploits released for Linux flaw giving root on major distros
Proof-of-concept exploits have already surfaced online for a high-severity flaw in GNU C Library's dynamic loader, allowing local attackers to gain root privileges on major Linux distributions.
- October 05, 2023
- 03:44 PM
- 0
0
.jpg)
