Vulnerabilities: Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks. CVE-2023-48788, a critical SQL injection vulnerability in Fortinet’s FortiClient EMS product, is being exploited in the wild. Eduard Kovacs, March 26, 2024
Vulnerabilities: Mozilla Patches Firefox Zero-Days Exploited at Pwn2Own. Firefox browser updates address two zero-day vulnerabilities exploited at the Pwn2Own hacking contest. Ionut Arghire, March 25, 2024
Vulnerabilities: Saflok Lock Vulnerability Can Be Exploited to Open Millions of Doors. Vulnerability in Dormakaba’s Saflok electronic locks allows hackers to forge keycards and open millions of doors. Ionut Arghire, March 22, 2024
Vulnerabilities: Tesla, OS, Software Exploits Earn Hackers $1.1 Million at Pwn2Own 2024. Exploits targeting Tesla cars, operating systems, and popular software earned participants over $1.1 million at Pwn2Own Vancouver 2024. Eduard Kovacs, March 22, 2024
Vulnerabilities: Microsoft Patches Xbox Vulnerability Following Public Disclosure. Microsoft patches Xbox Gaming Services vulnerability CVE-2024-28916 after initially saying it was not a security issue. Eduard Kovacs, March 21, 2024
Vulnerabilities: Ivanti Patches Critical Vulnerabilities in Standalone Sentry, Neurons for ITSM. Ivanti has released patches for two critical-severity vulnerabilities leading to arbitrary command execution. Ionut Arghire, March 21, 2024
Application Security: GitHub Rolls Out ‘Code Scanning Autofix’ in Public Beta. GitHub’s code scanning autofix delivers remediation suggestions for two-thirds of the identified vulnerabilities. Ionut Arghire, March 21, 2024
IoT Security: $200,000 Awarded at Pwn2Own 2024 for Tesla Hack. Participants earned a total of $732,500 on the first day of Pwn2Own Vancouver 2024 for hacking a Tesla, operating systems, and other software. Eduard Kovacs, March 21, 2024
Vulnerabilities: Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server. Atlassian releases patches for two dozen vulnerabilities, including a critical-severity bug in Bamboo Data Center and Server. Ionut Arghire, March 20, 2024
Vulnerabilities: Chrome 123, Firefox 124 Patch Serious Vulnerabilities. Chrome and Firefox security updates released on Tuesday resolve a critical-severity and multiple high-severity vulnerabilities. Ionut Arghire, March 20, 2024
Network Security: 300,000 Systems Vulnerable to New Loop DoS Attack. Academic researchers describe a new application-layer loop DoS attack affecting Broadcom, Honeywell, Microsoft and MikroTik. Eduard Kovacs, March 20, 2024
Vulnerabilities: Aiohttp Vulnerability in Attacker Crosshairs. A recently patched Aiohttp vulnerability tracked as CVE-2024-23334 is being targeted by threat actors, including by a ransomware group. Eduard Kovacs, March 19, 2024