IoT Security Exploitation of Unpatched D-Link NAS Device Vulnerabilities Soars Second identifier, CVE-2024-3272, assigned to unpatched D-Link NAS device vulnerabilities, just as exploitation attempts soar. Eduard KovacsApril 12, 2024
Vulnerabilities Palo Alto Networks Warns of Exploited Firewall Vulnerability Palo Alto Networks warns of limited exploitation of a critical command injection vulnerability leading to code execution on firewalls. Ionut ArghireApril 12, 2024
Malware & Threats Microsoft Patches Two Zero-Days Exploited for Malware Delivery Microsoft patches CVE-2024-29988 and CVE-2024-26234, two zero-day vulnerabilities exploited by threat actors to deliver malware. Eduard KovacsApril 10, 2024
IoT Security Exploitation Attempts Target Unpatched Flaw Affecting Many D-Link NAS Devices Unpatched D-Link NAS device vulnerability CVE-2024-3273, potentially affecting many devices, is being exploited in the wild. Eduard KovacsApril 9, 2024
Mobile & Wireless Pixel Phone Zero-Days Exploited by Forensic Firms Google this week patched two Pixel phone zero-day vulnerabilities actively exploited by forensic companies to obtain data from devices. Ionut ArghireApril 4, 2024
Mobile & Wireless Google Patches Exploited Pixel Vulnerabilities Google patches 28 vulnerabilities in Android and 25 bugs in Pixel devices, including two flaws exploited in the wild. Ionut ArghireApril 3, 2024
Artificial Intelligence Ray AI Framework Vulnerability Exploited to Hack Hundreds of Clusters Disputed Ray AI framework vulnerability exploited to steal information and deploy cryptominers on hundreds of clusters. Ionut ArghireMarch 27, 2024
Vulnerabilities CISA: Second SharePoint Flaw Disclosed at Pwn2Own Exploited in Attacks CISA says a second SharePoint vulnerability demonstrated last year at Pwn2Own, CVE-2023-24955, has been exploited in the wild. Eduard KovacsMarch 27, 2024
Vulnerabilities Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks CVE-2023-48788, a critical SQL injection vulnerability in Fortinet’s FortiClient EMS product, is being exploited in the wild. Eduard KovacsMarch 26, 2024
Vulnerabilities Aiohttp Vulnerability in Attacker Crosshairs A recently patched Aiohttp vulnerability tracked as CVE-2024-23334 is being targeted by threat actors, including by a ransomware group. Eduard KovacsMarch 19, 2024
ICS/OT Exploited Building Access System Vulnerability Patched 5 Years After Disclosure Vulnerabilities affecting a Nice Linear physical access product, including an exploited flaw, patched five years after their disclosure. Eduard KovacsMarch 12, 2024
Malware & Threats Recent TeamCity Vulnerability Exploited in Ransomware Attacks Servers impacted by recently patched TeamCity vulnerability CVE-2024-27198 targeted in ransomware attacks and abused for DDoS. Eduard KovacsMarch 11, 2024