Sign in Subscribe

Vulnerability

Namespace Collision Exploits in Microsoft Active Directory Networks: A Growing Threat

Namespace Collision Exploits in Microsoft Active Directory Networks: A Growing Threat

On August 23, 2024, cybersecurity researcher Philippe Caturegli released a comprehensive report detailing the persistent and growing issue of namespace collisions in Microsoft Active Directory (AD) networks.

CISA Adds Versa Networks Director Vulnerability to Known Exploited Vulnerabilities Catalogue

CISA Adds Versa Networks Director Vulnerability to Known Exploited Vulnerabilities Catalogue

CISA announced the addition of a newly identified vulnerability in Versa Networks Director to its Known Exploited Vulnerabilities Catalogue. This vulnerability, designated CVE-2024-39717, is now recognized as a significant threat due to active exploitation in the wild.

NTLM Credential Theft in Python Windows Applications Discovered in Popular Frameworks

NTLM Credential Theft in Python Windows Applications Discovered in Popular Frameworks

On August 23, 2024, Horizon3.ai released a report exposing critical vulnerabilities in three widely used Python frameworks: Gradio, Jupyter Server, and Streamlit.

Velvet Ant Threat Group Exploits Zero-Day Vulnerability in Cisco Nexus Switches to Deploy Malware

Velvet Ant Threat Group Exploits Zero-Day Vulnerability in Cisco Nexus Switches to Deploy Malware

On August 22, 2024, Sygnia released a detailed report uncovering a sophisticated cyber espionage campaign conducted by the China-nexus threat group "Velvet Ant." This group recently exploited a zero-day vulnerability (CVE-2024-20399) in Cisco Nexus Switch appliances

New Log4j Campaign Exploits Vulnerability for Crypto-Mining and System Compromise

New Log4j Campaign Exploits Vulnerability for Crypto-Mining and System Compromise

On August 20, 2024, DataDog Security Labs released a comprehensive threat research report detailing a new opportunistic campaign leveraging the notorious Log4j vulnerability, also known as Log4Shell.

CISA Adds Four Known Exploited Vulnerabilities to Catalogue

CISA Adds Four Known Exploited Vulnerabilities to Catalogue

On August 21, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities Catalog with four newly identified vulnerabilities, emphasizing the need for immediate remediation.