Urgent: GitLab Flaw Allows Account Takeover – Act Now
GitLab has issued security patches (16.11.1, 16.10.4, and 16.9.6) for both Community and Enterprise Editions, emphasizing the importance of upgrading to these versions to mitigate vulnerabilities. Scheduled bi-monthly patch releases [...]
CrushFTP Zero-Day Enables Attackers to Gain Complete Server Access
CrushFTP disclosed a zero-day vulnerability (CVE-2024-4040) affecting versions below 10.7.1 and 11.1.0, allowing remote attackers with low privileges to bypass the VFS sandbox and read arbitrary files on the underlying [...]
OpenMetadata Vulnerabilities Exploited to Target Kubernetes
The OpenMetadata platform has critical vulnerabilities, reported by the Microsoft Security Blog, that enable attackers to exploit Kubernetes workloads for crypto mining. Five vulnerabilities allow authentication bypass and remote code execution. [...]
Critical Oracle VirtualBox vulnerability now has a PoC exploit released
Oracle VirtualBox had a critical vulnerability (CVE-2024-21111) allowing privilege escalation and arbitrary file move/delete, rated 7.8 (High). Oracle promptly patched it and issued a security advisory. Oracle released a security [...]
Watch Out for Weaponized Zip Files Distributing WINELOADER Malware
Russian threat group APT29 targeted German political parties with a new backdoor, WINELOADER, via spear-phishing emails containing malicious links to ZIP files on compromised websites. These ZIP files deployed an [...]