Vulnerabilities – Threatpost
Cisco Warns of Critical Auth-Bypass Security Flaw
Cisco also stomped out a critical security flaw affecting its Nexus 3000 Series Switches and Cisco …
Read more >>
Vulnerabilities – Threatpost
Tax Season Ushers in Quickbooks Data-Theft Spike
Quickbooks malware targets tax data for attackers to sell and use in phishing scams. Via Vulnerabil…
Read more >>
Vulnerabilities – Threatpost
VMWare Patches Critical RCE Flaw in vCenter Server
The vulnerability, one of three patched by the company this week, could allow threat actors to brea…
Read more >>
Vulnerabilities – Threatpost
Nvidia’s Anti-Cryptomining Chip May Not Discourage Attacks
The hotly anticipated ray-tracing, advanced gaming graphics chip will throttle Ethereum mining. Via…
Read more >>
Vulnerabilities – Threatpost
Daycare Webcam Service Exposes 12,000 User Accounts
NurseryCam suspends service across 40 daycare centers until a security fix is in place. Via Vulnera…
Read more >>
Vulnerabilities – Threatpost
IBM Squashes Critical Remote Code-Execution Flaw
A critical-severity buffer-overflow flaw that affects IBM Integration Designer could allow remote a…
Read more >>
Vulnerabilities – Threatpost
Accellion FTA Zero-Day Attacks Show Ties to Clop Ransomware, FIN11
The threat actors stole data and used Clop's leaks site to demand money in an extortion scheme,…
Read more >>
Vulnerabilities – Threatpost
Microsoft: SolarWinds Attackers Downloaded Azure, Exchange Code
However, internal products and systems were not leveraged to attack others during the massive suppl…
Read more >>
Vulnerabilities – Threatpost
SDK Bug Lets Attackers Spy on User’s Video Calls Across Dating, Healthcare Apps
Apps like eHarmony and MeetMe are affected by a flaw in the Agora toolkit that went unpatched for e…
Read more >>
Vulnerabilities – Threatpost
Stolen Jones Day Law Firm Files Posted on Dark Web
Jones Day, which represented Trump, said the breach is part of the Accellion attack from December. …
Read more >>
Vulnerabilities – Threatpost
Ninja Forms WordPress Plugin Bug Opens Websites to Hacks
The popular plugin is installed on more than 1 million websites, and has four flaws that allow vari…
Read more >>
Vulnerabilities – Threatpost
Details Tied to Safari Browser-based ‘ScamClub’ Campaign Revealed
Public disclosure of a privilege escalation attack details how a cybergang bypassed browser iframe …
Read more >>
Vulnerabilities – Threatpost
Complaint Blasts TikTok’s ‘Misleading’ Privacy Policies
TikTok is again in hot water for how the popular video-sharing app collects and shares data - parti…
Read more >>
Vulnerabilities – Threatpost
Misconfigured Baby Monitors Allow Unauthorized Viewing
Hundreds of thousands of individuals are potentially affected by this vulnerability. Via Vulnerabil…
Read more >>
Vulnerabilities – Threatpost
Microsoft Pulls Bad Windows Update After Patch Tuesday Headaches
Microsoft released a new servicing stack update (KB5001078) after an older one caused problems for …
Read more >>
Vulnerabilities – Threatpost
Unpatched Android App with 1 Billion Downloads Threatens Spying, Malware
Attackers can exploit SHAREit permissions to execute malicious code through vulnerabilities that re…
Read more >>
Vulnerabilities – Threatpost
mHealth Apps Expose Millions to Cyberattacks
Researcher testing of 30 mobile health apps for clinicians found that all of them had vulnerable AP…
Read more >>
Vulnerabilities – Threatpost
Singtel Suffers Zero-Day Cyberattack, Damage Unknown
The Tier 1 telecom giant was caught up in a coordinated, wide-ranging attack using unpatched securi…
Read more >>
Vulnerabilities – Threatpost
Military, Nuclear Entities Under Target By Novel Android Malware
The two malware families have sophisticated capabilities to exfiltrate SMS messages, WhatsApp messa…
Read more >>
Vulnerabilities – Threatpost
SAP Commerce Critical Security Bug Allows RCE
The critical SAP cybersecurity flaw could allow for the compromise of an application used by e-comm…
Read more >>
Vulnerabilities – Threatpost
Intel Squashes High-Severity Graphics Driver Flaws
Intel is warning on security bugs across its graphics drivers, server boards, compute modules and m…
Read more >>
Vulnerabilities – Threatpost
Supply-Chain Hack Breaches 35 Companies, Including PayPal, Microsoft, Apple
Ethical hacker Alex Birsan developed a way to inject malicious code into open-source developer tool…
Read more >>
Vulnerabilities – Threatpost
Actively Exploited Windows Kernel EoP Bug Allows Takeover
Microsoft addressed 56 security vulnerabilities for February Patch Tuesday -- including 11 critical…
Read more >>
Vulnerabilities – Threatpost
Attackers Exploit Critical Adobe Flaw to Target Windows Users
A critical vulnerability in Adobe Reader has been exploited in "limited attacks." Via Vul…
Read more >>
Vulnerabilities – Threatpost
Critical WordPress Plugin Flaw Allows Site Takeover
A patch in the NextGen Gallery WordPress plugin fixes critical and high-severity cross-site request…
Read more >>
Vulnerabilities – Threatpost
Nespresso Smart Cards Brewed with Weak Security
A researcher hacked Nespresso Pro smart cards to dispense free, unlimited coffee. Via Vulnerabiliti…
Read more >>
Vulnerabilities – Threatpost
Industrial Networks See Sharp Uptick in Hackable Security Holes
Claroty reports that adversaries, CISOs and researchers have all turned their attention to finding …
Read more >>
Vulnerabilities – Threatpost
Unpatched WordPress Plugin Code-Injection Bug Afflicts 50K Sites
An CRSF-to-stored-XSS security bug plagues 50,000 'Contact Form 7' Style users. Via Vulnera…
Read more >>
Vulnerabilities – Threatpost
Google Chrome Zero-Day Afflicts Windows, Mac Users
Google warns of a zero-day vulnerability in the V8 open-source engine that's being actively exp…
Read more >>
Vulnerabilities – Threatpost
Critical Cisco Flaws Open VPN Routers Up to RCE Attacks
The vulnerabilities exist in Cisco's RV160, RV160W, RV260, RV260P, and RV260W VPN routers for s…
Read more >>
Vulnerabilities – Threatpost
Second SolarWinds Attack Group Breaks into USDA Payroll — Report
A second APT, potentially linked to the Chinese government, could be behind the Supernova malware. …
Read more >>
Vulnerabilities – Threatpost
New Malware Hijacks Kubernetes Clusters to Mine Monero
Researchers warn that the Hildegard malware is part of 'one of the most complicated attacks tar…
Read more >>
Vulnerabilities – Threatpost
SolarWinds Orion Bug Allows Easy Remote-Code Execution and Takeover
The by-now infamous company has issued patches for three security vulnerabilities in total. Via Vul…
Read more >>
Vulnerabilities – Threatpost
Tiny Kobalos Malware Bedevils Supercomputers to Steal Logins
The sophisticated backdoor steals SSH credentials for servers in academic and scientific high-perfo…
Read more >>
Vulnerabilities – Threatpost
Hezbollah-Linked Lebanese Cedar APT Infiltrates Hundreds of Servers
Enhanced Explosive RAT and Caterpillar tools are at the forefront of a global espionage campaign. V…
Read more >>
Vulnerabilities – Threatpost
Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code
The flaw in the free-source library could have been ported to multiple applications. Via Vulnerabil…
Read more >>
Vulnerabilities – Threatpost
Alleged Gaming Software Supply-Chain Attack Installs Spyware
Researchers allege that software used for downloading Android apps onto PCs and Macs has been compr…
Read more >>
