-
Atlassian warns of exploit for Confluence data wiping bug, get patching
Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances.
- November 02, 2023
- 05:46 PM
0
-
Exploit released for critical Cisco IOS XE flaw, many hosts still hacked
Public exploit code is now available for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198 that was leveraged as a zero-day to hack tens of thousands of devices.
- October 30, 2023
- 11:09 PM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
RCE exploit for Wyze Cam v3 publicly released, patch now
A security researcher has published a proof-of-concept (PoC) exploit for Wyze Cam v3 devices that opens a reverse shell and allows the takeover of vulnerable devices.
- October 30, 2023
- 04:46 PM
- 1
-
Citrix Bleed exploit lets hackers hijack NetScaler accounts
A proof-of-concept (PoC) exploit is released for the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, that allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances.
- October 25, 2023
- 11:26 AM
- 0
-
VMware warns admins of public exploit for vRealize RCE flaw
VMware warned customers on Monday that proof-of-concept (PoC) exploit code is now available for an authentication bypass flaw in vRealize Log Insight (now known as VMware Aria Operations for Logs).
- October 24, 2023
- 10:53 AM
- 0
-
Exploits released for Linux flaw giving root on major distros
Proof-of-concept exploits have already surfaced online for a high-severity flaw in GNU C Library's dynamic loader, allowing local attackers to gain root privileges on major Linux distributions.
- October 05, 2023
- 03:44 PM
- 0
-
Exploit available for critical WS_FTP bug exploited in attacks
Over the weekend, security researchers released a proof-of-concept (PoC) exploit for a maximum severity remote code execution vulnerability in Progress Software's WS_FTP Server file sharing platform.
- October 02, 2023
- 01:11 PM
- 0
-
Exploit released for Microsoft SharePoint Server auth bypass flaw
Proof-of-concept exploit code has surfaced on GitHub for a critical authentication bypass vulnerability in Microsoft SharePoint Server, allowing privilege escalation.
- September 29, 2023
- 02:06 PM
- 0
-
Fake WinRAR proof-of-concept exploit drops VenomRAT malware
A hacker is spreading a fake proof-of-concept (PoC) exploit for a recently fixed WinRAR vulnerability on GitHub, attempting to infect downloaders with the VenomRAT malware.
- September 20, 2023
- 10:49 AM
- 0
-
Windows 11 ‘ThemeBleed’ RCE bug gets proof-of-concept exploit
Security researcher Gabe Kirkpatrick has made a proof-of-concept (PoC) exploit available for CVE-2023-38146, aka "ThemeBleed," which enables attackers to trigger arbitrary remote code execution if the target opens a specially crafted '.theme' file.
- September 14, 2023
- 11:55 AM
- 0
-
Exploit released for critical VMware SSH auth bypass vulnerability
Proof-of-concept exploit code has been released for a critical SSH authentication bypass vulnerability in VMware's Aria Operations for Networks analysis tool (formerly known as vRealize Network Insight).
- September 01, 2023
- 04:21 PM
- 0
-
Exploit released for Ivanti Sentry bug abused as zero-day in attacks
Proof-of-concept exploit code is now available for a critical Ivanti Sentry authentication bypass vulnerability that enables attackers to execute code remotely as root on vulnerable systems.
- August 24, 2023
- 11:20 AM
- 0
-
CISA warns of critical Citrix ShareFile flaw exploited in the wild
CISA is warning that a critical Citrix ShareFile secure file transfer vulnerability tracked as CVE-2023-24489 is being targeted by unknown actors and has added the flaw to its catalog of known security flaws exploited in the wild.
- August 16, 2023
- 05:31 PM
- 2
-
Hackers exploiting critical WordPress WooCommerce Payments bug
Hackers are conducting widespread exploitation of a critical WooCommerce Payments plugin to gain the privileges of any users, including administrators, on vulnerable WordPress installation.
- July 17, 2023
- 05:08 PM
- 1
-
Rockwell warns of new APT RCE exploit targeting critical infrastructure
Rockwell Automation says a new remote code execution (RCE) exploit linked to an unnamed Advanced Persistent Threat (APT) group could be used to target unpatched ControlLogix communications modules commonly used in manufacturing, electric, oil and gas, and liquified natural gas industries.
- July 14, 2023
- 02:52 PM
- 0
-
Fake Linux vulnerability exploit drops data-stealing malware
Cybersecurity researchers and threat actors are targeted by a fake proof of concept (PoC) CVE-2023-35829 exploit that installs a Linux password-stealing malware.
- July 13, 2023
- 02:28 PM
- 3
-
VMware warns of exploit available for critical vRealize RCE bug
VMware warned customers today that exploit code is now available for a critical vulnerability in the VMware Aria Operations for Logs analysis tool, which helps admins manage terabytes worth of app and infrastructure logs in large-scale environments.
- July 10, 2023
- 04:16 PM
- 0
-
300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug
Hundreds of thousands of FortiGate firewalls are vulnerable to a critical security issue identified as CVE-2023-27997, almost a month after Fortinet released an update that addresses the problem.
- July 03, 2023
- 07:54 AM
- 1
-
Exploit released for new Arcserve UDP auth bypass vulnerability
Data protection vendor Arcserve has addressed a high-severity security flaw in its Unified Data Protection (UDP) backup software that can let attackers bypass authentication and gain admin privileges.
- June 28, 2023
- 04:50 PM
- 0
-
Exploit released for Cisco AnyConnect bug giving SYSTEM privileges
Proof-of-concept exploit code is now available for a high-severity flaw in Cisco Secure Client Software for Windows (formerly AnyConnect Secure Mobility Client) that can let attackers elevate privileges to SYSTEM.
- June 21, 2023
- 05:49 PM
- 0
0
