flaw
CrushFTP warns users to patch unauthenticated access flaw immediately
CrushFTP warned customers of an unauthenticated access vulnerability reachable over its HTTP(S) port and urged them to patch their servers immediately. As the company also explained in an email sent to customers on Friday (seen by BleepingComputer), the security flaw enables attackers to gain unauthenticated access to unpatched servers that are exposed to the Internet over HTTP(S). “Please take immediate action to…
CISA tags NAKIVO backup flaw as actively exploited in attacks
CISA has warned U.S. federal agencies to secure their networks against attacks exploiting a high-severity vulnerability in NAKIVO’s Backup & Replication software. Tracked as CVE-2024-48248, this absolute path traversal flaw can be exploited by unauthenticated attackers to read arbitrary files on vulnerable devices. The US-based backup and ransomware recovery software vendor silently patched the security flaw with the release of…
Critical RCE flaw in Apache Tomcat actively exploited in attacks
A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request. Hackers are reportedly leveraging proof-of-concept (PoC) exploits that were published on GitHub just 30 hours after the flaw was disclosed last week. The malicious activity was confirmed by Wallarm security…
Update Your iPhone Now to Fix Safari Security Flaw
Apple has released iOS 18.3.2, an operating system update that fixes a vulnerability in WebKit, the browser engine used by Safari to render web pages. The flaw allowed malicious code running inside the Web Content sandbox, an isolated environment for web processes designed to limit the damage a compromised page can do, to escape that sandbox and impact other parts of the device. Apple…
Facebook discloses FreeType 2 flaw exploited in attacks
Facebook is warning that a FreeType vulnerability in all versions up to 2.13 can lead to arbitrary code execution, with reports that the flaw has been exploited in attacks. FreeType is a popular open-source font rendering library used to display text and programmatically add text to images. It provides functionality to load, rasterize, and render fonts in various formats, such…
Unpatched Edimax IP camera flaw actively exploited in botnet attacks
A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices. The flaw was discovered by Akamai researchers, who confirmed to BleepingComputer that it is being exploited in attacks that are still ongoing. Akamai researcher Kyle Lefton told BleepingComputer that they will provide more technical details about the flaw and…
Cisco warns of Webex for BroadWorks flaw exposing credentials
Cisco warned customers today of a vulnerability in Webex for BroadWorks that could let unauthenticated attackers access credentials remotely. Webex for BroadWorks integrates Cisco Webex’s video conferencing and collaboration features with the BroadWorks unified communications platform. While the company has yet to assign a CVE ID to track this security issue, Cisco says in a Tuesday security advisory that it already pushed…
Nakivo backup flaw still present on some systems months after firm’s ‘silent patch’, researchers claim
Over 200 vulnerable internet-facing Nakivo backup and replication instances have been identified months after the firm silently patched a security flaw without publicly disclosing the issue. Security researchers at watchTowr recently published a report detailing their discovery of an arbitrary file read vulnerability in Nakivo’s central management solution. The report noted that, if exploited, the flaw could enable an attacker…
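The NAKIVO items above (the CISA KEV entry for CVE-2024-48248 and the watchTowr report) both describe an absolute path traversal that lets an unauthenticated caller read arbitrary files. The following Python is an added illustration of that bug class and of the fix, written for this page; it is not NAKIVO's code, and the base directory and function names are constructed for the example. The vulnerable pattern joins a user-supplied path onto a base directory; the hardened pattern forces the input to be relative and then proves the resolved result still sits under the base.

```python
import os
from pathlib import Path
from typing import Optional

# Constructed example base directory for a hypothetical file-download endpoint.
# It does not need to exist on disk; pathlib resolves non-existent paths lexically.
BASE_DIR = "/srv/app/public"


def naive_resolve(user_path: str, base_dir: str = BASE_DIR) -> str:
    """Vulnerable pattern: join the user-supplied path onto the base directory.

    os.path.join() discards every preceding component when a later one is
    absolute, so "/etc/passwd" yields "/etc/passwd", not a file under base_dir.
    normpath() does not help here; it only collapses "." and ".." segments.
    """
    return os.path.normpath(os.path.join(base_dir, user_path))


def safe_resolve(user_path: str, base_dir: str = BASE_DIR) -> Optional[str]:
    """Hardened pattern: force the input to be relative, then prove containment.

    Returns the resolved absolute path if it lies under base_dir, else None.
    """
    base = Path(base_dir).resolve()
    # Drop leading separators so an absolute input becomes relative to base.
    relative = user_path.lstrip("/\\")
    # Drive-letter or UNC forms (Windows) stay absolute after stripping; reject
    # them, and reject an empty path that would otherwise resolve to base itself.
    if not relative or os.path.isabs(relative):
        return None
    candidate = (base / relative).resolve()
    # resolve() collapses ".." and follows symlinks, so the containment check
    # below catches both "../.." traversal and symlinked escape routes.
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return str(candidate)


if __name__ == "__main__":
    for probe in ("docs/readme.txt", "/etc/passwd", "../../../etc/passwd"):
        print(f"{probe!r:24} naive -> {naive_resolve(probe):32} safe -> {safe_resolve(probe)}")
```

Note that a denylist of `..` would have missed the absolute-path case entirely, which is why this variant gets its own CWE name; the containment check after resolution is what closes both routes.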
Exploits for unpatched Parallels Desktop flaw give root on Macs
Two different exploits for an unpatched Parallels Desktop privilege escalation vulnerability have been publicly disclosed, allowing local users to gain root access on impacted Mac devices. Parallels Desktop is virtualization software that allows Mac users to run Windows, Linux, and other operating systems alongside macOS. It is very popular among developers, businesses, and casual users who need Windows applications on…
CISA flags Craft CMS code injection flaw as exploited in attacks
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) warns that a Craft CMS remote code execution flaw is being exploited in attacks. The flaw is tracked as CVE-2025-23209 and is a high severity (CVSS v3 score: 8.0) code injection (RCE) vulnerability impacting Craft CMS versions 4 and 5. Craft CMS is a content management system (CMS) used for building websites…