Vulnerability

Dirty Cred: New Privilege Escalation Vulnerability in Linux

A new Linux kernel exploitation called Dirty Cred was revealed at last week’s Black Hat security conference. The flaw which is identified as CVE-202…

ElectroVolt: Hacking Discord, Microsoft Teams, and Other Electron Apps

Security researchers discovered a series of vulnerabilities in twenty commonly used Electron applications and gained Remote Code Execution within app…

ÆPIC Leak: Flaw in Intel CPUs that Leaks Sensitive Data

A couple of researchers from Sapienza University of Rome and Graz University of Technology have discovered a new vulnerability dubbed "ÆPIC Lea…

RCE Vulnerability in Audio Decoders of Qualcomm and MediaTek Chips

Check Point Research has identified vulnerabilities in the ALAC format which is used by the largest mobile chip manufacturers, Qualcomm and MediaTek.…

Nginx Release Advisory about Nginx 0day Claims

It all started on 9th April, when a Twitter account connected to a group called “BlueHornet” tweeted about an experimental exploit for NGINX 1.18, cl…

VMware Patch Critical RCE Affecting Workspace ONE Access and Identity Manager

VMware released a critical advisory addressing security vulnerabilities found and resolved in VMware’s Workspace ONE Access, VMware Identity Manager…

Spring4Shell: Spring Confirmed the RCE in Spring Framework, Advisory Released

Update: Apache Tomcat releases versions 10.0.20, 9.0.62, and 8.5.78 as part of the mitigation effort. Manual Workarounds for Apache Tomcat upgrade…

SpringShell: Spring Core RCE 0-day Vulnerability

Update as of 31st March: Spring has confirmed the RCE in Spring Framework. The team has just published the statement along with the mitigation guide…

RCE 0-day Vulnerability found in Spring Cloud (SPEL)

Update: The Spring team has published the CVE for Spring Cloud Function, aka CVE-2022-22963: Spring Expression Resource Access Vulnerability. The Spri…

The Dirty Pipe Vulnerability Allows Write Access with Root Privileges

Another critical kernel bug, "Dirty Pipe", has been discovered that affects all Linux machines running kernel versions since 5.8. This vulne…

New Log4j RCE Vulnerability Discovered in Apache Logging Library

It was the big alarm throughout the internet when a critical remote code execution bug a.k.a Log4Shell (CVE-2021-44228) in the Apache Log4j logging l…

New Vulnerabilities Affect all Cellular Networks from 2G

Specialists from New York University Abu Dhabi (NYUAD) spoke about vulnerabilities in the handover mechanism that underlies modern cellular networks.…

Log4Shell - 3rd Vulnerability on Apache Log4j Utility Found

Update: Today Apache team has released another security update for log4j 2.16.0 which fixes the DoS vulnerability. The DoS flaw in log4j 2.16.0 is be…

Apache Log4j Vulnerability Details and Mitigation

Yesterday, we reported the critical zero-day vulnerability in Apache log4j, where the attacker can easily exploit the bug with a single line of p…

14 New XS-Leaks Attacks Affect Modern Web Browsers

Experts at the Ruhr University in Bochum and the Lower Rhine University of Applied Sciences (Germany) have identified 14 new XS-Leaks attacks on mode…

Critical Privilege Escalation Bug in vCenter - No Patch yet

VMware security team has released a security advisory that briefly describes a privilege escalation vulnerability in the vCenter Server. This vulner…