Sign in Subscribe

Exploited in the wild

Remote Code Execution Vulnerabilities Discovered in CUPS Affecting UNIX Systems

Remote Code Execution Vulnerabilities Discovered in CUPS Affecting UNIX Systems

On September 26, 2024, a detailed disclosure outlined critical vulnerabilities in the Common UNIX Printing System (CUPS) that enable remote code execution (RCE) on UNIX systems, including various GNU/Linux distributions.

Storm on the Horizon: Inside the AJCloud IoT Ecosystem

Storm on the Horizon: Inside the AJCloud IoT Ecosystem

On September 19, 2024, an extensive security investigation into the AJCloud IoT platform uncovered serious vulnerabilities affecting millions of Wi-Fi cameras sold by various vendors.

CVE-2024-45488: Skeleton Cookie Vulnerability Exposes Safeguard for Privileged Passwords to Full Administrative Access

CVE-2024-45488: Skeleton Cookie Vulnerability Exposes Safeguard for Privileged Passwords to Full Administrative Access

On September 17, 2024, researchers from Amber Wolf Security uncovered a significant authentication bypass vulnerability in One Identity’s Safeguard for Privileged Passwords product. Assigned CVE-2024-45488, the vulnerability, dubbed "Skeleton Cookie,"

Fox Kitten APT Continues to Exploit U.S. and Foreign Organizations, New Infrastructure Revealed

Fox Kitten APT Continues to Exploit U.S. and Foreign Organizations, New Infrastructure Revealed

Censys conducted an independent investigation of the IOC profiles mentioned in the FBI/CISA report. Their research identified new patterns in the threat group’s infrastructure that could indicate previously undetected hosts linked to Fox Kitten

Google Cloud Exploit: CloudImposer Vulnerability Exposed Millions of Servers

Google Cloud Exploit: CloudImposer Vulnerability Exposed Millions of Servers

On September 16, 2024, Tenable Research disclosed a critical Remote Code Execution (RCE) vulnerability in Google Cloud Platform (GCP). Dubbed CloudImposer, the flaw allowed attackers to execute malicious code on potentially millions of Google servers

CISA Adds Nine Exploited Vulnerabilities to KEV Catalog Over Two Days

CISA Adds Nine Exploited Vulnerabilities to KEV Catalog Over Two Days

n September 17 and 18, 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added nine vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

CISA and FBI Release Secure by Design Alert on Eliminating XSS Vulnerabilities

CISA and FBI Release Secure by Design Alert on Eliminating XSS Vulnerabilities

On September 17, 2024, CISA and the FBI released a Secure by Design Alert focused on eliminating cross-site scripting (XSS) vulnerabilities. This initiative aims to address the ongoing prevalence of such vulnerabilities in software.