27 Jul 2021

Microsoft Rushes Fix for ‘PetitPotam’ Attack PoC

Microsoft rushed to release mitigations for a new exploit that forces remote Windows systems to reveal password hashes that can easily be cracked by malicious actors. The flaw lies in the Windows NT LAN Manager, according to the company, and has been dubbed PetitPotam. Microsoft has released an advisory that

23 Jun 2021

SonicWall ‘Botches’ October Patch for Critical VPN Bug

SonicWall’s patch for a critical VPN bug has turned out to be insufficient in fixing the vulnerability, leaving more than 80,000 devices vulnerable to remote code execution for months. The patch was released in October but was ineffective. SonicWall finally released a complete fix this week for the RCE flaw

02 Jun 2021

Critical Zero-Day in WordPress Plugin Under Active Attack

Security researchers have warned that a new critical zero-day vulnerability in a WordPress plugin has been found to be actively exploited in the wild. The plugin, called the Fancy Product Designer, is installed on roughly 17,000 sites, according to Wordfence security experts. The tool allows users to upload images and

17 May 2021

Cisco Patches Code Execution Flaw in VPN Product 6 Months After Disclosure

Earlier this week, Cisco announced that it had released patches for a high-severity vulnerability that lies in its AnyConnect Secure Mobility Client that can be exploited for remote code execution. The flaw was initially disclosed in November of 2020, and it has taken roughly six months for the company to

28 Apr 2021

Apple Patches Zero-Day MacOS Bug That Can Bypass Anti-Malware Defenses

Apple has released a patch for a zero-day vulnerability in its macOS systems that could allow attackers to bypass anti-malware protections set in place. According to Apple, the notorious Mac threat Shlayer adware dropper has already been exploiting the vulnerability for several months. Therefore, Apple urges its customers to implement

27 Apr 2021

Nvidia Warns Severe Security Bugs in GPU Driver, vGPU Software

Nvidia has warned consumers of severe security bugs that lie in their graphics processing unit (GPU) display driver and vGPU software offerings. The group of security vulnerabilities could subject gamers and users to arbitrary code execution, denial of service attacks (DoS), information disclosure, and privilege-escalation attacks. The virtual GPU software

19 Apr 2021

Coding error allowed attackers to delete Facebook live video

Facebook has recently resolved an issue that allowed attackers to delete content posted on Facebook Live without the consent of the video’s owner. Just two days ago, cybersecurity researcher Ahmad Talahmeh posted an advisory explaining how the vulnerability worked and providing proof-of-concept code that was able to trigger an

16 Apr 2021

Google to Delay Publishing Bug Details for 30 Days

Google has announced that they will not publish vulnerability details for 30 days after the initial public disclosure, allowing customers more time to fix the bugs and implement patches before technical details are released that could potentially be used by an attacker to exploit the flaw. Google’s Project Zero team

05 Apr 2021

Trustwave Uncovers Vulnerability in Popular Website CMS

Cybersecurity firm Trustwave has uncovered a vulnerability in the website CMS, Umbraco. The organization posted about the bug, which is a privilege escalation issue, on their website earlier this week. The flaw allows for low-privileged users to elevate themselves to the status of admin and reap associated benefits and

29 Mar 2021

Severe Flaws in Official ‘Facebook for WordPress’ Plugin

Security researchers have discovered critical vulnerabilities in the official Facebook for WordPress plugin, finding that they can be abused to upload arbitrary files which would likely lead to remote code execution. Wordfence researchers recently released a warning advising users to exercise caution and to implement Facebook’s patch as soon as
