vulnerable

  • Blog
    digitpatrox2 weeks ago
    60

    How vulnerable is critical infrastructure to cyberattack in the US?

    Our water, health, and energy systems are increasingly vulnerable to cyberattack. Now, when tensions escalate — like when the US bombed nuclear facilities in Iran this month — the safety of these systems becomes of paramount concern. If conflict erupts, we can expect it to be a “hybrid” battle, Joshua Corman, executive in residence for public safety & resilience at…

    Read More »
  • Blog
    digitpatroxJune 10, 2025
    71

    Over 84,000 Roundcube instances vulnerable to actively exploited flaw

    Over 84,000 Roundcube webmail installations are vulnerable to CVE-2025-49113, a critical remote code execution (RCE) flaw with a public exploit. The flaw, which impacts Roundcube versions 1.1.0 through 1.6.10, spanning over a decade, was patched on June 1, 2025, following its discovery and reporting by security researcher Kirill Firsov. The bug stems from unsanitized $_GET[‘_from’] input, enabling PHP object deserialization…

    Read More »
  • Blog
    digitpatroxMay 21, 2025
    102

    Premium WordPress ‘Motors’ theme vulnerable to admin takeover attacks

    A critical privilege escalation vulnerability has been discovered in the premium WordPress theme Motors, which allows unauthenticated attackers to hijack administrator accounts and take complete control of websites. Developed by StylemixThemes, Motors is one of the top-selling automotive themes for the WordPress platform. It is very popular among automotive businesses such as car dealerships, rental services, and used vehicle listing…

    Read More »
  • Blog
    digitpatroxMay 6, 2025
    101

    Apache Parquet exploit tool detect servers vulnerable to critical flaw

    A proof-of-concept exploit tool has been publicly released for a maximum severity Apache Parquet vulnerability, tracked as CVE-2025-30065, making it easy to find vulnerable servers. The tool was released by F5 Labs researchers who investigated the vulnerability after finding that multiple existing PoCs were either weak or completely non-functional. The tool serves as proof of CVE-2025-30065’s practical exploitability and can…

    Read More »
  • Blog
    digitpatroxApril 29, 2025
    98

    Over 1,200 SAP NetWeaver servers vulnerable to actively exploited flaw

    Over 1,200 internet-exposed SAP NetWeaver instances are vulnerable to an actively exploited maximum severity unauthenticated file upload vulnerability that allows attackers to hijack servers. SAP NetWeaver is an application server and development platform that runs and connects SAP and non-SAP applications across different technologies. Last week, SAP disclosed an unauthenticated file upload vulnerability, tracked as CVE-2025-31324, in SAP NetWeaver Visual Composer,…

    Read More »
  • Blog
    digitpatroxApril 5, 2025
    220

    Benchmarks Find ‘DeepSeek-V3-0324 Is More Vulnerable Than Qwen2.5-Max’

    With the latest stable release dated January 28, 2025, Qwen2.5-Max is classified as a Mixture-of-Experts (MoE) language model developed by Alibaba. Like other language models, Qwen2.5-Max is capable of generating text, understanding different languages, and performing advanced logic. According to recent benchmarks, it is also more secure than DeepSeek-V3-0324. Using Recon to scan for vulnerabilities A team of analysts with…

    Read More »
  • Blog
    digitpatroxMarch 18, 2025
    131

    Millions of RSA encryption keys could be vulnerable to attack

    Millions of RSA encryption keys contain major flaws, making them vulnerable to attack, according to new research. Analysis from Keyfactor found around 1 in 172 of all certificates found online are susceptible to compromise through a mathematical attack, equating to potentially millions of keys. The vulnerability mainly affects Internet of Things (IoT) devices, but is a risk for any system…

    Read More »
  • Blog
    digitpatroxMarch 14, 2025
    150

    94% of Wi-Fi networks are vulnerable to deauthentication attacks

    Research shows the vast majority of Wi-Fi networks are vulnerable to a popular type of denial-of-service (DoS) attack that is frequently deployed in larger cyber intrusion efforts. A new report from Nozomi Networks that analysed telemetry from hundreds of OT and IoT environments found 94% of Wi-Fi networks lacked the proper protections against deauthentication attacks. Deauthentication attacks are a form…

    Read More »
  • Blog
    digitpatroxJanuary 29, 2025
    178

    Laravel admin package Voyager vulnerable to one-click RCE flaw

    Three vulnerabilities discovered in the open-source PHP package Voyager for managing Laravel applications could be used for remote code execution attacks. The issues remain unfixed and can be exploited against an authenticated Voyager user that clicks on a malicious link. Vulnerability researchers at SonarSource, a code quality and security company, say that they tried to report the flaws to the Voyager maintainers…

    Read More »
  • Blog
    digitpatroxJanuary 29, 2025
    161

    Apple M-Series Chips Are Vulnerable to Side-Channel Attacks

    Security researchers from Georgia Institute of Technology and Ruhr University Bochum discovered two side-channel vulnerabilities in devices with Apple name-brand chips from 2021 or later that could expose sensitive information to attackers. Specifically, the vulnerabilities known as SLAP and FLOP skim credit card information, locations, and other personal data. Data can be gathered from sites like iCloud Calendar, Google Maps,…

    Read More »
Load More
Back to top button
close