flaw

  • Blog

    Critical FortiSwitch flaw lets hackers change admin passwords remotely

    Fortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. The company says Daniel Rozeboom of the FortiSwitch web UI development team discovered the vulnerability (CVE-2024-48887) internally. Unauthenticated attackers can exploit this unverified password change flaw in the FortiSwitch GUI (rated with a 9.8/10 severity score) in low-complexity attacks…

  • Blog

    WinRAR flaw bypasses Windows Mark of the Web security alerts

    A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine. The security issue is tracked as CVE-2025-31334 and affects all WinRAR versions except the most recent release, which is currently 7.11. Mark of the Web is a security function in Windows…

  • Blog

    Verizon Call Filter API flaw could’ve exposed millions of Americans’ call records

    A security flaw in Verizon’s Call Filter app could’ve allowed threat actors to access details of incoming calls for another user, a security researcher has found. Discovered by cybersecurity researcher Evan Connelly in February, the API flaw has since been patched by the telecoms giant. However, in a blog post detailing the vulnerability, Connelly warned exploitation of the flaw could…

  • Blog

    Max severity RCE flaw discovered in widely used Apache Parquet

    A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up to and including 1.15.0. The problem stems from the deserialization of untrusted data that could allow attackers with specially crafted Parquet files to gain control of target systems, exfiltrate or modify data, disrupt services, or introduce dangerous payloads such as ransomware. The…

  • Blog

    Verizon Call Filter API flaw exposed customers’ incoming call history

    A vulnerability in Verizon’s Call Filter feature allowed customers to access the incoming call logs for another Verizon Wireless number through an unsecured API request. The flaw was discovered by security researcher Evan Connelly on February 22, 2025, and was fixed by Verizon sometime in the following month. However, the total period of exposure is unknown. Verizon’s Call Filter app is…

  • Blog

    High-Severity Flaw Lets Hackers Bypass Authentication

    If you use VMware Tools for Windows, it is critical to update to the latest version. Broadcom, which acquired VMware for $69 billion in 2023, has issued a patch for a high-severity vulnerability that is actively being exploited by cybercriminals. The vulnerability affects VMware Tools for Windows versions 11.x.x and 12.x.x, but has been patched in…

  • Blog

    CrushFTP warns users to patch unauthenticated access flaw immediately

    CrushFTP warned customers of an unauthenticated HTTP(S) port access vulnerability and urged them to patch their servers immediately. As the company also explained in an email sent to customers on Friday (seen by BleepingComputer), the security flaw enables attackers to gain unauthenticated access to unpatched servers if they are exposed on the Internet over HTTP(S). “Please take immediate action to…

  • Blog

    CISA tags NAKIVO backup flaw as actively exploited in attacks

    CISA has warned U.S. federal agencies to secure their networks against attacks exploiting a high-severity vulnerability in NAKIVO’s Backup & Replication software. Tracked as CVE-2024-48248, this absolute path traversal flaw can be exploited by unauthenticated attackers to read arbitrary files on vulnerable devices. The US-based backup and ransomware recovery software vendor silently patched the security flaw with the release of…

  • Blog

    Critical RCE flaw in Apache Tomcat actively exploited in attacks

    A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request. Hackers are reportedly leveraging proof-of-concept (PoC) exploits that were published on GitHub just 30 hours after the flaw was disclosed last week. The malicious activity was confirmed by Wallarm security…

  • Blog

    Update Your iPhone Now to Fix Safari Security Flaw

    Apple has released iOS 18.3.2, an operating system update that fixes a vulnerability in WebKit, the browser engine used by Safari to render web pages. The flaw allowed malicious code running inside the Web Content sandbox, an isolated environment for web processes designed to limit security risks, to impact other parts of the device. Apple…
