Tag: unauthenticated
-
Bulletins: Vulnerability Summary for the Week of June 9, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-167 Source: Bulletins Title: Vulnerability Summary for the Week of June 9, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Acer–ControlCenter Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named…
-
Bulletins: Vulnerability Summary for the Week of May 26, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-153 Source: Bulletins Title: Vulnerability Summary for the Week of May 26, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000 Projects–Daily College Class Work Report Book A vulnerability classified as critical has been found in 1000 Projects Daily College Class Work Report Book 1.0. Affected is…
-
Bulletins: Vulnerability Summary for the Week of May 5, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-132 Source: Bulletins Title: Vulnerability Summary for the Week of May 5, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1clickmigration–1 Click WordPress Migration Plugin 100% FREE for a limited time The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress…
-
Cloud Blog: Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines
Source URL: https://cloud.google.com/blog/topics/threat-intelligence/unc3944-proactive-hardening-recommendations/ Source: Cloud Blog Title: Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines Feedly Summary: Background UNC3944, which overlaps with public reporting on Scattered Spider, is a financially-motivated threat actor characterized by its persistent use of social engineering and brazen communications with victims. In early operations, UNC3944 largely targeted telecommunications-related organizations to…
-
Bulletins: Vulnerability Summary for the Week of April 21, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-118 Source: Bulletins Title: Vulnerability Summary for the Week of April 21, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info AdeptLanguage–Adept Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is…
-
The Register: CISA spots spawn of Spawn malware targeting Ivanti flaw
Source URL: https://www.theregister.com/2025/04/01/cisa_ivanti_warning/ Source: The Register Title: CISA spots spawn of Spawn malware targeting Ivanti flaw Feedly Summary: Resurge an apt name for malware targeting hardware maker that has security bug after security bug Owners of Ivanti’s Connect Secure, Policy Secure, and ZTA Gateway products have a new strain of malware to fend off, according…
-
The Register: CrushFTP CEO’s feisty response to VulnCheck’s CVE for critical make-me-admin bug
Source URL: https://www.theregister.com/2025/03/27/crushftp_cve/ Source: The Register Title: CrushFTP CEO’s feisty response to VulnCheck’s CVE for critical make-me-admin bug Feedly Summary: Screenshot shows company head unhappy, claiming ‘real CVE is pending’ CrushFTP’s CEO is not happy with VulnCheck after the CVE numbering authority (CNA) released an unofficial ID for the critical vulnerability in its file transfer…
-
Hacker News: RCE Vulnerabilities in K8s Ingress Nginx (9.8 CVE for ingress-Nginx)
Source URL: https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities Source: Hacker News Title: RCE Vulnerabilities in K8s Ingress Nginx (9.8 CVE for ingress-Nginx) Feedly Summary: Comments AI Summary and Description: Yes ### Summary: The text outlines the discovery of significant vulnerabilities in the Ingress NGINX Controller for Kubernetes, known as IngressNightmare. These vulnerabilities, which allow unauthenticated Remote Code Execution (RCE), pose…
-
The Register: Oracle Cloud says it’s not true someone broke into its login servers and stole data
Source URL: https://www.theregister.com/2025/03/23/oracle_cloud_customers_keys_credentials/ Source: The Register Title: Oracle Cloud says it’s not true someone broke into its login servers and stole data Feedly Summary: Despite evidence to the contrary as alleged pilfered info goes on sale Oracle has straight up denied claims by a miscreant that its public cloud offering has been compromised and information…
-
Bulletins: Vulnerability Summary for the Week of March 10, 2025
Source URL: https://www.cisa.gov/news-events/bulletins/sb25-076 Source: Bulletins Title: Vulnerability Summary for the Week of March 10, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1E–1E Client Improper link resolution before file access in the Nomad module of the 1E Client, in versions prior to 25.3, enables an attacker with local unprivileged…