14 Mar, 2025

New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks

An automated scanner has been released to help security professionals scan environments for devices vulnerable to the Common Unix Printing System (CUPS) RCE flaw tracked as CVE-2024-47176. The flaw, which enables attackers to perform arbitrary remote code execution if certain conditions are met, was disclosed late last month by the person who discovered it, Simone Margaritelli. Although […]

2 mins read

Qualcomm patches high-severity zero-day exploited in attacks

Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service that impacts dozens of chipsets. The security flaw (CVE-2024-43047) was reported by Google Project Zero’s Seth Jenkins and Amnesty International Security Lab’s Conghui Wang, and it is caused by a use-after-free weakness that can lead to memory corruption when […]

3 mins read

CISA: Network switch RCE flaw impacts critical infrastructure

U.S. cybersecurity agency CISA is warning about two critical vulnerabilities that allow authentication bypass and remote code execution in Optigo Networks ONS-S8 Aggregation Switch products used in critical infrastructure. The flaws concern weak authentication problems, allowing bypassing of password requirements, and user input validation issues potentially leading to remote code execution, arbitrary file uploads, and directory […]

2 mins read

Critical flaw in NVIDIA Container Toolkit allows full host takeover

A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premise environment that rely on it to access GPU resources. The security issue is tracked as CVE-2024-0132 and allows an adversary to perform container escape attacks and gain full access to the host system, where they could execute commands or exfiltrate sensitive information. […]

2 mins read

Progress urges admins to patch critical WhatsUp Gold bugs ASAP

Progress Software warned customers to patch multiple critical and high-severity vulnerabilities in its WhatsUp Gold network monitoring tool as soon as possible. However, even though it released WhatsUp Gold 24.0.1, which addressed the issues last Friday and published an advisory on Tuesday, the company has yet to provide any details regarding these flaws. “The WhatsUp Gold team […]

2 mins read

HPE Aruba Networking fixes critical flaws impacting Access Points

HPE Aruba Networking has fixed three critical vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points, which could let unauthenticated attackers gain remote code execution on vulnerable devices. The vulnerabilities (CVE-2024-42505, CVE-2024-42506, and CVE-2024-42507) can be exploited by sending specially crafted packets to the PAPI (Aruba’s Access Point management protocol) UDP port […]

2 mins read

Google sees 68% drop in Android memory safety flaws over 5 years

The percentage of Android vulnerabilities caused by memory safety issues has dropped from 76% in 2019 to only 24% in 2024, representing a massive decrease of over 68% in five years. This is well below the 70% previously found in Chromium, making Android an excellent example of how a large project can gradually and methodically move to […]

4 mins read

CISA warns of actively exploited Apache HugeGraph-Server bug

The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting Apache HugeGraph-Server. The flaw, tracked as CVE-2024-27348 and rated critical (CVSS v3.1 score: 9.8), is an improper access control vulnerability that impacts HugeGraph-Server versions from 1.0.0 and up to, […]

2 mins read

CISA urges software devs to weed out XSS vulnerabilities

​CISA and the FBI urged technology manufacturing companies to review their software and ensure that future releases are free of cross-site scripting vulnerabilities before shipping. The two federal agencies said that XSS vulnerabilities still plague software released today, creating further exploitation opportunities for threat actors even though they’re preventable and should not be present in […]

2 mins read

Broadcom fixes critical RCE bug in VMware vCenter Server

Broadcom has fixed a critical VMware vCenter Server vulnerability that attackers can exploit to gain remote code execution on unpatched servers via a network packet. vCenter Server is the central management hub for VMware‘s vSphere suite, helping administrators manage and monitor virtualized infrastructure. The vulnerability (CVE-2024-38812), reported by TZL security researchers during China’s 2024 Matrix Cup hacking contest, is […]

2 mins read