相關新聞
Chinese hackers exploit Fortinet VPN zero-day to steal credentials
Chinese threat actors use a custom post-exploitation toolkit named 'DeepData' to exploit a zero-day vulnerability in Fortinet's FortiClient Windows VPN client that steal credentials. [...]
Bleepingcomputer
2024年11月19日 104 觀看次數
Warning: VMware vCenter and Kemp LoadMaster Flaws Under Active Exploitation
Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS score...
The Hacker News
2024年11月19日 40 觀看次數
Security plugin flaw in millions of WordPress sites gives admin access
A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions. [...]
Bleepingcomputer
2024年11月17日 54 觀看次數
CISA warns of more Palo Alto Networks bugs exploited in attacks
CISA warned today that two more critical security vulnerabilities in Palo Alto Networks' Expedition migration tool are now actively exploited in attacks. [...]
Bleepingcomputer
2024年11月15日 45 觀看次數
Microsoft Power Pages Leak Millions of Private Records
Less-experienced users of Microsoft's website building platform may not understand all the implications of the access controls in its low- or no-code environment.
Dark Reading
2024年11月14日 46 觀看次數
FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023
The FBI, the NSA, and cybersecurity authorities of the Five Eyes intelligence alliance have released today a list of the top 15 routinely exploited vulnerabilities throughout last year.
Bleeping Computer
2024年11月13日 110 觀看次數
Microsoft Exchange adds warning to emails abusing spoofing flaw
Microsoft has disclosed a high-severity Exchange Server vulnerability that allows attackers to forge legitimate senders on incoming emails and make malicious messages a lot more effective.
Bleeping Computer
2024年11月13日 72 觀看次數
D-Link won’t fix critical flaw affecting 60,000 older NAS devices
More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit. [...]
Bleepingcomputer
2024年11月09日 49 觀看次數
Malicious PyPI package with 37,000 downloads steals AWS keys
A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers. [...]
Bleepingcomputer
2024年11月09日 50 觀看次數
Palo Alto Networks warns of potential PAN-OS RCE vulnerability
Palo Alto Networks warned customers to restrict access to their next-generation firewalls because of a potential remote code execution vulnerability in the PAN-OS management interface. [...]
Bleepingcomputer
2024年11月09日 90 觀看次數