Malware & Threats | After Delays, Ivanti Patches Zero-Days and Confirms New Exploit | Ivanti documents a brand-new zero-day and belatedly ships patches; Mandiant is reporting "broad exploitation activity." | Ryan Naraine, January 31, 2024
Application Security | Tor Code Audit Finds 17 Vulnerabilities | Over a dozen vulnerabilities discovered in Tor audit, including a high-risk flaw that can be exploited to inject arbitrary bridges. | Eduard Kovacs, January 31, 2024
Vulnerabilities | 45,000 Exposed Jenkins Instances Found Amid Reports of In-the-Wild Exploitation | Shadowserver Foundation has seen 45,000 Jenkins instances affected by CVE-2024-23897, which may already be exploited in attacks. | Eduard Kovacs, January 31, 2024
Vulnerabilities | Juniper Networks Patches Vulnerabilities in Switches, Firewalls | A high-severity flaw in the J-Web interface of Juniper’s Junos OS could lead to arbitrary command execution, remotely. | Ionut Arghire, January 30, 2024
Nation-State | Ivanti Struggling to Hit Zero-Day Patch Release Schedule | Ivanti is struggling to hit its own timeline for the delivery of patches for critical -- and already exploited -- flaws in its flagship... | Ryan Naraine, January 29, 2024
Vulnerabilities | Vulnerabilities in WatchGuard, Panda Security Products Lead to Code Execution | Two memory safety vulnerabilities in WatchGuard and Panda Security products could lead to code execution with System privileges. | Ionut Arghire, January 29, 2024
Vulnerabilities | PoC Exploit Published for Critical Jenkins Vulnerability | PoC exploit code targeting a critical Jenkins vulnerability patched last week is already publicly available. | Ionut Arghire, January 29, 2024
Vulnerabilities | Critical Jenkins Vulnerability Leads to Remote Code Execution | A critical vulnerability in Jenkins’ built-in CLI allows remote attackers to obtain cryptographic keys and execute arbitrary code. | Ionut Arghire, January 26, 2024
IoT Security | Hackers Earn $1.3M for Tesla, EV Charger, Infotainment Exploits at Pwn2Own Automotive | Participants have earned more than $1.3 million for hacking Teslas, EV chargers and infotainment systems at Pwn2Own Automotive. | Eduard Kovacs, January 26, 2024
Supply Chain Security | New Offerings From Protect AI, Venafi Tackle Software Supply Chain Security | Two new products aim to secure the traditional OSS supply chain, and the new AI model software supply chain. | Kevin Townsend, January 25, 2024
Vulnerabilities | Cisco Patches Critical Vulnerability in Enterprise Collaboration Products | A critical flaw in Cisco Unified Communications and Contact Center Solutions products could lead to remote code execution. | Ionut Arghire, January 25, 2024
IoT Security | Tesla Infotainment Hack Earns Researchers $100,000 at Pwn2Own Automotive | Over $1 million paid out in the first two days of Pwn2Own Automotive for Tesla, infotainment and EV charger hacks. | Eduard Kovacs, January 25, 2024