CISA urges admins to patch critical Discourse code execution bug
A critical Discourse remote code execution (RCE) vulnerability tracked as CVE-2021-41163 was fixed via an urgent update by the developer…
Google launches Android Enterprise bug bounty program
Google has announced the launch of its first vulnerability rewards program for Android Enterprise with bounties of up to $250,000. [...]
Political-themed actor using old MS Office flaw to drop multiple RATs
A novel threat actor with unclear motives has been discovered running a crimeware campaign which delivers multiple Windows and Android RATs (remote…
Zerodium wants zero-day exploits for Windows VPN clients
In a short tweet today, exploit broker Zerodium said that it is looking to acquire zero-day exploits for vulnerabilities in…
Microsoft asks admins to patch PowerShell to fix WDAC bypass
Microsoft has asked system administrators to patch PowerShell 7 against two vulnerabilities allowing attackers to bypass Windows Defender Application Control (WDAC)…
Malicious Chrome ad blocker injects ads behind the scenes
The AllBlock Chromium ad blocking extension has been found to be injecting hidden affiliate links that generate commissions for the…
Apache HTTP Server 2.4.50 Path Traversal / Code Execution
Authored by Lucas Souza Apache HTTP Server version 2.4.50 suffers from path traversal and code execution vulnerabilities. advisories | CVE-2021-42013…
Moodle Authenticated Spelling Binary Remote Code Execution
Authored by Brandon Perry | Site metasploit.com Moodle allows an authenticated user to define spellcheck settings via the web interface.…
Moodle Teacher Enrollment Privilege Escalation / Remote Code Execution
Authored by h00die, lanz, HoangKien1020 | Site metasploit.com Moodle versions 3.9, 3.8 to 3.8.3, 3.7 to 3.7.6, 3.5 to 3.5.12,…
Microsoft Fixes Zero-Day Flaw in Win32 Driver
A previously known threat actor is using the flaw in a broad cyber-espionage campaign, security vendor warns.