Experimental News Clipping Site

Tag: CVE

  • Alerts: CISA Adds One Known Exploited Vulnerability to Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/03/27/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant…

  • Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/03/26/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability These types of vulnerabilities…

  • The Register: CrushFTP CEO’s feisty response to VulnCheck’s CVE for critical make-me-admin bug

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/03/27/crushftp_cve/ Source: The Register Title: CrushFTP CEO’s feisty response to VulnCheck’s CVE for critical make-me-admin bug Feedly Summary: Screenshot shows company head unhappy, claiming ‘real CVE is pending’ CrushFTP’s CEO is not happy with VulnCheck after the CVE numbering authority (CNA) released an unofficial ID for the critical vulnerability in its file transfer…

  • Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/03/26/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability These types of vulnerabilities…

  • Slashdot: Google Patches Chrome Sandbox Escape Zero-Day Caught By Kaspersky

    by

    Kurt Seifried
    in

    Source URL: https://slashdot.org/story/25/03/26/0143210/google-patches-chrome-sandbox-escape-zero-day-caught-by-kaspersky?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Google Patches Chrome Sandbox Escape Zero-Day Caught By Kaspersky Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a recently patched sandbox escape vulnerability in Google Chrome, highlighting its implications in a targeted cyberespionage campaign. It underscores the importance of timely updates and security measures against such…

  • Hacker News: There are perhaps 10k reasons to doubt Oracle Cloud’s security breach denial

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/03/25/oracle_breach_update/ Source: Hacker News Title: There are perhaps 10k reasons to doubt Oracle Cloud’s security breach denial Feedly Summary: Comments AI Summary and Description: Yes Summary: The text describes a dispute regarding Oracle Cloud’s denial of a security breach after an infosec researcher claims that sensitive data, including customer security keys and credentials,…

  • Hacker News: RCE Vulnerabilities in K8s Ingress Nginx (9.8 CVE for ingress-Nginx)

    by

    Kurt Seifried
    in

    Source URL: https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities Source: Hacker News Title: RCE Vulnerabilities in K8s Ingress Nginx (9.8 CVE for ingress-Nginx) Feedly Summary: Comments AI Summary and Description: Yes ### Summary: The text outlines the discovery of significant vulnerabilities in the Ingress NGINX Controller for Kubernetes, known as IngressNightmare. These vulnerabilities, which allow unauthenticated Remote Code Execution (RCE), pose…

  • The Register: Public-facing Kubernetes clusters at risk of takeover thanks to Ingress-Nginx flaw

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/03/25/kubernetes_flaw_rce_risk/ Source: The Register Title: Public-facing Kubernetes clusters at risk of takeover thanks to Ingress-Nginx flaw Feedly Summary: How many K8s systems are sat on the internet front porch like that … Oh, thousands, apparently Cloudy infosec outfit Wiz has discovered serious vulnerabilities in the admission controller component of Ingress-Nginx Controller that could…