Experimental News Clipping Site

Tag: CVE

  • Hacker News: The ESP32 "backdoor" that wasn’t

    by

    Kurt Seifried
    in

    Source URL: https://darkmentor.com/blog/esp32_non-backdoor/ Source: Hacker News Title: The ESP32 "backdoor" that wasn’t Feedly Summary: Comments AI Summary and Description: Yes Summary: The text addresses the misconception that the ESP32 Bluetooth chips contain a backdoor, clarifying that the vendor-specific HCI commands discovered are common in Bluetooth technology and do not inherently indicate malicious intent. It discusses…

  • Unit 42: Multiple Vulnerabilities Discovered in a SCADA System

    by

    Kurt Seifried
    in

    Source URL: https://unit42.paloaltonetworks.com/vulnerabilities-in-iconics-software-suite/ Source: Unit 42 Title: Multiple Vulnerabilities Discovered in a SCADA System Feedly Summary: We identified multiple vulnerabilities in ICONICS Suite, SCADA software used in numerous OT applications. This article offers a technical analysis of our findings. The post Multiple Vulnerabilities Discovered in a SCADA System appeared first on Unit 42. AI Summary…

  • Cisco Talos Blog: Unmasking the new persistent attacks on Japan

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/new-persistent-attacks-japan/ Source: Cisco Talos Blog Title: Unmasking the new persistent attacks on Japan Feedly Summary: Cisco Talos has discovered an active exploitation of CVE-2024-4577 by an attacker in order to gain access to the victim’s machines and carry out post-exploitation activities. AI Summary and Description: Yes **Summary:** The text describes a sophisticated cyberattack…

  • Hacker News: Vulnerability in partner.microsoft.com allows unauthenticated access

    by

    Kurt Seifried
    in

    Source URL: https://nvd.nist.gov/vuln/detail/CVE-2024-49035 Source: Hacker News Title: Vulnerability in partner.microsoft.com allows unauthenticated access Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a significant vulnerability (CVE-2024-49035) related to improper access control in Microsoft’s Partner Center, allowing unauthenticated attackers to elevate their privileges over a network. The vulnerability is classified as critical due…

  • The Register: VMware patches guest-to-hypervisor escape flaws already under attack

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/03/04/vmware_plugs_three_hypervisorhijack_holes/ Source: The Register Title: VMware patches guest-to-hypervisor escape flaws already under attack Feedly Summary: The heap overflow in the memory unsafe code by Miss Creant Broadcom today pushed out patches for three VMware hypervisor-hijacking bugs, including one rated critical, that have already been found and exploited by criminals.… AI Summary and Description:…

  • Alerts: CISA Adds Four Known Exploited Vulnerabilities to Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/03/04/cisa-adds-four-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Four Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-50302 Linux Kernel Use of Uninitialized Resource Vulnerability CVE-2025-22225 VMware ESXi Arbitrary Write Vulnerability CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability CVE-2025-22226 VMware ESXi,…

  • The Register: Microsoft signed a dodgy driver and now ransomware scum are exploiting it

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/03/04/paragon_partition_manager_ransomware_driver/ Source: The Register Title: Microsoft signed a dodgy driver and now ransomware scum are exploiting it Feedly Summary: Five flaws found in Paragon Partition Manager’s kernel-level .sys Ransomware crooks are exploiting a third-party Windows kernel-level driver used and provided by disk management tool Paragon Partition Manager.… AI Summary and Description: Yes Summary:…

  • Alerts: CISA Adds Five Known Exploited Vulnerabilities to Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/03/03/cisa-adds-five-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Five Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-20118 Cisco Small Business RV Series Routers Command Injection Vulnerability CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability CVE-2022-43769 Hitachi Vantara Pentaho BA Server…

  • Slashdot: Serbian Student’s Android Phone Compromised By Exploit From Cellebrite

    by

    Kurt Seifried
    in

    Source URL: https://it.slashdot.org/story/25/03/01/019202/serbian-students-android-phone-compromised-by-exploit-from-cellebrite?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Serbian Student’s Android Phone Compromised By Exploit From Cellebrite Feedly Summary: AI Summary and Description: Yes Summary: The report illustrates a concerning case of a zero-day exploit utilized by a surveillance vendor against a student critic of the Serbian government, highlighting the ongoing threats to information security in civil…