GitLab Sends Users Scrambling Again With New CI/CD Pipeline Takeover Vuln
The bug (CVE-2024-6385) is similar — but not identical — to a critical flaw GitLab patched just two weeks ago.
Netgear warns users to patch auth bypass, XSS router flaws
Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication…
Google increases bug bounty rewards five times, up to $151K
Google has announced a fivefold increase in payouts for bugs found in its systems and applications reported through its Vulnerability…
CRYSTALRAY hacker expands to 1,500 breached systems using SSH-Snake tool
A new threat actor known as CRYSTALRAY has significantly broadened its targeting scope with new tactics and exploits, now counting…
Microsoft 365, Office users hit by wave of ‘30088-27’ update errors
Over the last month, Microsoft 365 and Microsoft Office users have been experiencing "30088-27" errors when attempting to update the application.…
GitLab: Critical bug lets attackers run pipelines as other users
GitLab warned today that a critical vulnerability in its product's GitLab Community and Enterprise editions allows attackers to run pipeline…
What’s Bugging the NSA? A Vuln in Its ‘SkillTree’ Training Platform
Even the NSA leaves bugs in its software. In this case, it's the kind of cross-site issue that regularly slips…
Microsoft Patch Tuesday, July 2024 Edition
Microsoft Corp. today issued software updates to plug 139 security holes in various flavors of Windows and other Microsoft products.…
Avast releases free decryptor for DoNex ransomware and past variants
Antivirus company Avast have discovered a weakness in the cryptographic scheme of the DoNex ransomware family and released a decryptor so…
Hackers attack HFS servers to drop malware and Monero miners
Hackers are targeting older versions of the HTTP File Server (HFS) from Rejetto to drop malware and cryptocurrency mining software. [...]