Home 2017-08-28T17:57:09+05:30

CrushFTP Zero-Day Enables Attackers to Gain Complete Server Access

CrushFTP disclosed a zero-day vulnerability (CVE-2024-4040) affecting versions below 10.7.1 and 11.1.0, allowing remote attackers with low privileges to bypass the VFS sandbox and read arbitrary files on the underlying [...]

Critical Oracle VirtualBox vulnerability now has a PoC exploit released

Oracle VirtualBox had a critical vulnerability (CVE-2024-21111) allowing Privilege Escalation and Arbitrary File Move/Delete, rated 7.8 (High). Oracle promptly patched it and issued a security advisory. Oracle released a security [...]

Watch Out for Weaponized Zip Files Distributing WINELOADER Malware

Russian threat group APT29 targeted German political parties with a new backdoor, WINELOADER, via spear-phishing emails containing malicious links to ZIP files on compromised websites. These ZIP files deployed an [...]

PyPI Package Malware Targets Discord Users for Credential Theft

Hackers frequently exploit PyPI packages to inject malicious code into widely used Python libraries, seeking vulnerabilities. Recently, FortiGuard Labs cybersecurity researchers uncovered a malicious PyPI package, "discordpy_bypass-1.7," targeting Discord users for [...]
