vulnerability
Telegram zero-day allowed sending malicious Android APKs as videos
A Telegram for Android zero-day vulnerability dubbed ‘EvilVideo’ allowed attackers to send malicious Android APK payloads disguised as video files. A threat actor named ‘Ancryno’ first began selling the Telegram zero-day exploit on June 6, 2024, in a post on the Russian-speaking XSS hacking forum, stating the flaw existed in Telegram v10.14.4 and older. ESET […]
Critical Cisco bug lets hackers add root users on SEG devices
Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments. Tracked as CVE-2024-20401, this arbitrary file write security flaw in the SEG content scanning and message filtering features is caused by an absolute path traversal weakness […]
VMware, Adobe bugs exploited in active attacks as Cisco warns of critical ‘10.0’ flaw
VMware, SolarWinds and Adobe users are being warned that vulnerabilities found in each of the products are under active attack. On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Impacted products include Adobe Commerce (CVE-2024-34102), SolarWinds Serv-U (CVE-2024-28995) and VMware vCenter Server (CVE-2022-22948) CISA’s warning […]
Vulnerabilities exploited faster than ever, says Cloudflare
By the time you read this article, a zero-day CVE is likely getting exploited. According to researchers with Cloudflare, a newly disclosed vulnerability comes under attack at an average of 22 minutes. The internet backbone provider said attackers are more active than ever and are able to jump onto security vulnerabilities with malware exploits at […]
Hackers use PoC exploits in attacks 22 minutes after release
Threat actors are quick to weaponize available proof-of-concept (PoC) exploits in actual attacks, sometimes as quickly as 22 minutes after exploits are made publicly available. That is according to Cloudflare’s Application Security report for 2024, which covers activity between May 2023 and March 2024 and highlights emerging threat trends. Cloudflare, which currently processes an average […]
Microsoft Outlook Faced Critical Zero-Click RCE Vulnerability
Security researchers have uncovered a critical vulnerability, CVE-2024-38021, affecting most Microsoft Outlook applications. This zero-click remote code execution (RCE) vulnerability, now patched by Microsoft, did not require any authentication, setting it apart from the previously discovered CVE-2024-30103, which required at least an NTLM token. If exploited, CVE-2024-38021 could lead to data breaches, unauthorized access and […]