-
Exploit available for critical WS_FTP bug exploited in attacks
Over the weekend, security researchers released a proof-of-concept (PoC) exploit for a maximum severity remote code execution vulnerability in Progress Software's WS_FTP Server file sharing platform.
- October 02, 2023
- 01:11 PM
0
-
Fake WinRAR proof-of-concept exploit drops VenomRAT malware
A hacker is spreading a fake proof-of-concept (PoC) exploit for a recently fixed WinRAR vulnerability on GitHub, attempting to infect downloaders with the VenomRAT malware.
- September 20, 2023
- 10:49 AM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Windows 11 ‘ThemeBleed’ RCE bug gets proof-of-concept exploit
Security researcher Gabe Kirkpatrick has made a proof-of-concept (PoC) exploit available for CVE-2023-38146, aka "ThemeBleed," which enables attackers to trigger arbitrary remote code execution if the target opens a specially crafted '.theme' file.
- September 14, 2023
- 11:55 AM
- 0
-
Exploit released for critical VMware SSH auth bypass vulnerability
Proof-of-concept exploit code has been released for a critical SSH authentication bypass vulnerability in VMware's Aria Operations for Networks analysis tool (formerly known as vRealize Network Insight).
- September 01, 2023
- 04:21 PM
- 0
-
Exploit released for Juniper firewall bugs allowing RCE attacks
Proof-of-concept exploit code has been publicly released for vulnerabilities in Juniper SRX firewalls that, when chained, can allow unauthenticated attackers to gain remote code execution in Juniper's JunOS on unpatched devices.
- August 28, 2023
- 10:46 AM
- 0
-
Exploit released for Ivanti Sentry bug abused as zero-day in attacks
Proof-of-concept exploit code is now available for a critical Ivanti Sentry authentication bypass vulnerability that enables attackers to execute code remotely as root on vulnerable systems.
- August 24, 2023
- 11:20 AM
- 0
-
Fake Linux vulnerability exploit drops data-stealing malware
Cybersecurity researchers and threat actors are targeted by a fake proof of concept (PoC) CVE-2023-35829 exploit that installs a Linux password-stealing malware.
- July 13, 2023
- 02:28 PM
- 3
-
Exploit released for new Arcserve UDP auth bypass vulnerability
Data protection vendor Arcserve has addressed a high-severity security flaw in its Unified Data Protection (UDP) backup software that can let attackers bypass authentication and gain admin privileges.
- June 28, 2023
- 04:50 PM
- 0
-
Exploit released for Cisco AnyConnect bug giving SYSTEM privileges
Proof-of-concept exploit code is now available for a high-severity flaw in Cisco Secure Client Software for Windows (formerly AnyConnect Secure Mobility Client) that can let attackers elevate privileges to SYSTEM.
- June 21, 2023
- 05:49 PM
- 0
-
Exploit released for MOVEit RCE bug used in data theft attacks
Horizon3 security researchers have released proof-of-concept (PoC) exploit code for a remote code execution (RCE) bug in the MOVEit Transfer managed file transfer (MFT) solution abused by the Clop ransomware gang in data theft attacks.
- June 12, 2023
- 11:32 AM
- 0
-
PoC released for Windows Win32k bug exploited in attacks
Researchers have released a proof-of-concept (PoC) exploit for an actively exploited Windows local privilege escalation vulnerability fixed as part of the May 2023 Patch Tuesday.
- June 08, 2023
- 04:51 PM
- 0
-
Exploit released for RCE flaw in popular ReportLab PDF library
A researcher has published a working exploit for a remote code execution (RCE) flaw impacting ReportLab, a popular Python library used by numerous projects to generate PDF files from HTML input.
- May 31, 2023
- 06:17 PM
- 0
-
Exploit released for PaperCut flaw abused to hijack servers, patch now
Attackers are exploiting severe vulnerabilities in the widely-used PaperCut MF/NG print management software to install Atera remote management software to take over servers.
- April 24, 2023
- 01:01 PM
- 2
-
Proof-of-Concept released for critical Microsoft Word RCE bug
A proof-of-concept for CVE-2023-21716, a critical vulnerability in Microsoft Word that allows remote code execution, has been published over the weekend.
- March 06, 2023
- 03:55 PM
- 0
-
Exploit released for critical Fortinet RCE flaw, patch now
Security researchers have released a proof-of-concept exploit for a critical-severity vulnerability (CVE-2022-39952) in Fortinet's FortiNAC network access control suite.
- February 21, 2023
- 01:21 PM
- 0
-
Exploit released for actively exploited GoAnywhere MFT zero-day
Exploit code has been released for an actively exploited zero-day vulnerability affecting Internet-exposed GoAnywhere MFT administrator consoles.
- February 06, 2023
- 06:22 PM
- 0
-
Exploit released for critical VMware vRealize RCE vulnerability
Horizon3 security researchers have released proof-of-concept (PoC) code for a VMware vRealize Log Insight vulnerability chain that allows attackers to gain remote code execution on unpatched appliances.
- January 31, 2023
- 11:14 AM
- 0
-
Researchers to release VMware vRealize Log RCE exploit, patch now
Security researchers with Horizon3's Attack Team will release next week an exploit targeting a vulnerability chain for gaining remote code execution on unpatched VMware vRealize Log Insight appliances.
- January 28, 2023
- 11:32 AM
- 0
-
Exploit released for critical Windows CryptoAPI spoofing bug
Proof of concept exploit code has been released by Akamai researchers for a critical Windows CryptoAPI vulnerability discovered by the NSA and U.K.'s NCSC allowing MD5-collision certificate spoofing.
- January 25, 2023
- 06:45 PM
- 0
-
Exploits released for two Samsung Galaxy App Store vulnerabilities
Two vulnerabilities in the Galaxy App Store, Samsung's official repository for its devices, could enable attackers to install any app in the Galaxy Store without the user's knowledge or to direct victims to a malicious web location.
- January 20, 2023
- 03:09 PM
- 0
0
