New regreSSHion OpenSSH RCE bug gives root on Linux servers
A new OpenSSH unauthenticated remote code execution (RCE) vulnerability dubbed "regreSSHion" gives root privileges on glibc-based Linux systems. [...]
Rockwell’s ICS Directive Comes As Critical Infrastructure Risk Peaks
Critical infrastructure is facing increasingly disruptive threats to physical processes, while thousands of devices are online with weak authentication and…
Critical MSMQ RCE Bug Opens Microsoft Servers to Complete Takeover
CVE-2024-30080 is the only critical issue in Microsoft's June 2024 Patch Tuesday update, but many others require prompt attention as…
Patch Tuesday, June 2024 “Recall” Edition
Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch…
New BIG-IP Next Central Manager bugs allow device takeover
F5 has fixed two high-severity BIG-IP Next Central Manager vulnerabilities, which can be exploited to gain admin control and create…
Over 1,400 CrushFTP servers vulnerable to actively exploited bug
Over 1,400 CrushFTP servers exposed online were found vulnerable to attacks currently targeting a critical severity server-side template injection (SSTI) vulnerability…
Maximum severity Flowmon bug has a public exploit, patch now
Proof-of-concept exploit code has been released for a top-severity security vulnerability in Progress Flowmon, a tool for monitoring network performance…
CrushFTP warns users to patch exploited zero-day “immediately”
CrushFTP warned customers today in a private memo of an actively exploited zero-day vulnerability fixed in new versions released today,…
The Case Study: The Exploitation of Mechatronics Systems
By Milica D. Djekic The mechatronics systems are a common part of the industrial control systems (ICS) or – in…
New Ivanti RCE flaw may impact 16,000 exposed VPN gateways
Approximately 16,500 Ivanti Connect Secure and Poly Secure gateways exposed on the internet are likely vulnerable to a remote code…