flaw
-
Blog
W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks
A severe flaw in the W3 Total Cache plugin installed on more than one million WordPress sites could give attackers access to various information, including metadata on cloud-based apps. The W3 Total Cache plugin uses multiple caching techniques to optimize a website’s speed, reduce load times, and generally improve its SEO ranking. The flaw is tracked as CVE-2024-12365 despite the developer releasing…
Read More » -
Blog
Critical macOS flaw puts your data and cameras at risk — update right now
MacOS has a critical component called the System Integrity Protection, or SIP, which is responsible for protecting the operating system against malware and other threats. It does this by restricting system-level operations – even for users with root privileges – basically preventing unauthorized software from altering specific folders and files in protected areas. Disabling the SIP normally requires a system…
Read More » -
Blog
A critical Ivanti flaw is being exploited in the wild – here’s what you need to know
Ivanti has published details of two buffer overflow CVEs affecting its Connect Secure, Policy Secure, and ZTA Gateways devices, claiming cyber criminals are already taking advantage of them. The first flaw, CVE-2025-0282, is described as a stack-based buffer overflow vulnerability that allows remote, unauthenticated attackers to execute code on the victim’s device. The flaw is yet to receive an NVD…
Read More » -
Blog
Ivanti warns of new Connect Secure flaw used in zero-day attacks
Ivanti is warning that hackers exploited a Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 in zero-day attacks to install malware on appliances. The company says it became aware of the vulnerabilities after the Ivanti Integrity Checker Tool (ICT) detected malicious activity on customers’ appliances. Ivanti launched an investigation and confirmed that threat actors were actively exploiting CVE-2025-0282 as a zero-day.…
Read More » -
Blog
Nuclei flaw lets malicious templates bypass signature verification
A now-fixed vulnerability in the open-source vulnerability scanner Nuclei could potentially allow attackers to bypass signature verification while sneaking malicious code into templates that execute on local systems. Nuclei is a popular open-source vulnerability scanner created by ProjectDiscovery that scans websites for vulnerabilities and other weaknesses. The project utilizes a template-based scanning system of over 10,000 YAML templates that scan websites…
Read More » -
Blog
Nuclei flaw bypasses template signature checks to execute commands
A now-fixed vulnerability in the open-source vulnerability scanner Nuclei could potentially allow attackers to bypass signature verification while sneaking malicious code into templates that execute on local systems. Nuclei is a popular open-source vulnerability scanner created by ProjectDiscovery that scans websites for vulnerabilities and other weaknesses. The project utilizes a template-based scanning system of over 10,000 YAML templates that scan websites…
Read More » -
Blog
Hackers exploit Four-Faith router flaw to open reverse shells
Threat actors are exploiting a post-authentication remote command injection vulnerability in Four-Faith routers tracked as CVE-2024-12856 to open reverse shells back to the attackers. The malicious activity was discovered by VulnCheck, who informed Four-Faith about the active exploitation on December 20, 2024. However, it is unclear if security updates for the vulnerability are currently available. “We notified Four-Faith and our…
Read More » -
Blog
Hackers exploit DoS flaw to disable Palo Alto Networks firewalls
Palo Alto Networks is warning that hackers are exploiting the CVE-2024-3393 denial of service vulnerability to disable firewall protections by forcing it to reboot. Leveraging the security issue repeatedly, however, causes the device to enter maintenance mode and manual intervention is required to restore it to normal operations. “A Denial of Service vulnerability in the DNS Security feature of Palo Alto…
Read More » -
Blog
Sophos discloses critical Firewall remote code execution flaw
Sophos has addressed three vulnerabilities in its Sophos Firewall product that could allow remote unauthenticated threat actors to perform SQL injection, remote code execution, and gain privileged SSH access to devices. The vulnerabilities affect Sophos Firewall version 21.0 GA (21.0.0) and older, with the company already releasing hotfixes that are installed by default and permanent fixes through new firmware updates. The…
Read More » -
Blog
Researchers claim an AMD security flaw could let hackers access encrypted data
Researchers have exposed an issue with the memory implementation on AMD’s data center chips that could threaten the integrity of data, but the chipmaker has hit back at the claims. In a paper due to be presented at IEEE in 2025, researchers from University of Lübeck, KU Leven, and University of Birmingham highlighted a potential weakness in AMD’s secure encrypted…
Read More »