Lucene search
K

19 matches found

Packet Storm News
Packet Storm News
added 2025/04/28 12:0 a.m.6 views

The Automation Advantage in AI Red Teaming

This paper analyzes Large Language Model LLM security vulnerabilities based on data from Crucible, encompassing 214,271 attack attempts by 1,674 users across 30 LLM challenges. Our findings reveal automated approaches significantly outperform manual techniques 69.5% vs 47.6% success rate, despite...

7.2AI score
Exploits0
Wiz blog
Wiz blog
added 2025/01/23 2:0 p.m.7 views

Securing the Container Frontier: Kubernetes Trends Report 2025

From rapid-fire attack attempts to evolving defense strategies, our Kubernetes Security Report paints a vivid picture of a dynamic landscape. Check out the preview here...

7.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/06/07 4:33 p.m.37 views

Imperva Protects Against Critical PHP Vulnerability CVE-2024-4577

In the ever-evolving landscape of cybersecurity, staying ahead of vulnerabilities is crucial for safeguarding sensitive information and maintaining the integrity of digital assets. Recently, a critical vulnerability– identified as CVE-2024-4577 with an initial CVSS score of 9.8 – was discovered i...

9.8CVSS10AI score0.99987EPSS
Exploits64
The Hacker News
The Hacker News
added 2024/04/26 5:49 a.m.75 views

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites

Threat actors are attempting to actively exploit a critical security flaw in the ValvePress Automatic plugin for WordPress that could allow site takeovers. The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior t...

9.9CVSS10AI score0.93971EPSS
Exploits20
hivepro
hivepro
added 2023/02/16 1:7 p.m.45 views

Dalbit Threat Actor Launches Attack Campaign Against Multiple Korean Organizations

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Dalbit is a threat actor group that has been active since at least 2022. They have been targeting South Korean companies, with more than 50 confirmed attack attempts so far. The group relies on open-sourc...

1.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2023/01/20 6:16 p.m.52 views

ManageEngine Vulnerability CVE-2022-47966

Recently, Zoho ManageEngine released a security advisory for CVE-2022-47966, which allows for pre-authentication remote code execution in at least 24 ManageEngine products, including ADSelfService Plus and ServiceDesk Plus. This vulnerability stems from the products’ use of an outdated Apache...

1.9AI score0.99753EPSS
Exploits15
Wordfence Blog
Wordfence Blog
added 2022/12/12 5:28 p.m.12 views

Spikes in Attacks Serve as a Reminder to Update Plugins

The Wordfence Threat Intelligence team continually monitors trends in the attack data we collect. Occasionally an unusual trend will arise from this data, and we have spotted one such trend standing out over the Thanksgiving holiday in the U.S. and the first weekend in December. Attack attempts...

Exploits0
Wordfence Blog
Wordfence Blog
added 2022/08/09 4:4 p.m.22 views

Ukrainian Website Threat Landscape Throughout 2022

The Russian invasion of Ukraine began on February 20, 2022. By mid-March it was clear the cyber-war had begun, and the attacks have been consistent ever since. Prior to this, on March 1, 2022, Wordfence reported on an attack campaign on Ukrainian university websites. In response, we deployed our...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2022/07/18 3:12 p.m.169 views

Experts Notice Sudden Surge in Exploitation of WordPress Page Builder Plugin Vulnerability

Researchers from Wordfence have sounded the alarm about a "sudden" spike in cyber attacks attempting to exploit an unpatched flaw in a WordPress plugin called Kaswara Modern WPBakery Page Builder Addons. Tracked as CVE-2021-24284, the issue is rated 10.0 on the CVSS vulnerability scoring system a...

9.8CVSS2.3AI score0.4214EPSS
Exploits3
Imperva Blog
Imperva Blog
added 2022/06/04 10:5 p.m.169 views

Imperva Customers are protected from Atlassian Confluence CVE-2022-26134

This is an evolving storyline. Last update: June 4, 2022. On June 2, 2022, Atlassian published a security advisory regarding a CVE for versions of Confluence Server and Data Center applications greater than 1.3.0. The advisory details a critical severity unauthenticated remote code execution...

7.5CVSS2.3AI score0.99999EPSS
Exploits75
Rapid7 Blog
Rapid7 Blog
added 2021/11/10 2:26 p.m.12 views

tCell by Rapid7 Supports the Newly Released .NET 6.0

We’re excited to share that we've coordinated our recent .NET and .NET Core agent releases with the brand new .NET 6.0 release from Microsoft. What is tCell? Since the founding of tCell by Rapid7, our web application and API protection solution, we’ve prided ourselves on providing both breadth an...

6.8AI score
Exploits0
CNVD
CNVD
added 2021/11/04 12:0 a.m.25 views

ZOHO ManageEngine Log360 Access Control Error Vulnerability

ZOHO ManageEngine Log360 is an integrated log management and Active Directory auditing and alerting solution from ZOHO USA. The solution helps you mitigate security threats, detect persistent attack attempts, detect suspicious user activity, and comply with regulatory requirements.ZOHO ManageEngi...

9.8CVSS2.4AI score0.10453EPSS
Exploits1References1
CNVD
CNVD
added 2021/08/31 12:0 a.m.18 views

ZOHO ManageEngine Log360 Cross-Site Request Forgery Vulnerability

ZOHO ManageEngine Log360 is an integrated log management and Active Directory auditing and alerting solution from ZOHO USA. The solution helps you mitigate security threats, detect persistent attack attempts, detect suspicious user activity, and comply with regulatory requirements.A cross-site...

8.8CVSS2.8AI score0.00994EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/31 12:0 a.m.21 views

ZOHO ManageEngine Log360 code issue vulnerability

ZzOHO ManageEngine Log360 is an integrated log management and Active Directory auditing and alerting solution from ZOHO USA. The solution helps you mitigate security threats, detect persistent attack attempts, detect suspicious user activity, and comply with regulatory requirements.A code issue...

9.8CVSS2.3AI score0.04603EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/31 12:0 a.m.18 views

ZOHO ManageEngine Log360 Input Validation Error Vulnerability

ZOHO ManageEngine Log360 is an integrated log management and Active Directory auditing and alerting solution from ZOHO USA. The solution helps you mitigate security threats, detect persistent attack attempts, detect suspicious user activity, and comply with regulatory requirements.An input...

9.8CVSS2.2AI score0.07013EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/31 12:0 a.m.17 views

ZOHO ManageEngine Log360 Code Injection Vulnerability

ZOHO ManageEngine Log360 is an integrated log management and Active Directory auditing and alerting solution from ZOHO USA. The solution helps you mitigate security threats, detect persistent attack attempts, detect suspicious user activity and comply with regulatory requirements.A code injection...

8.8CVSS2AI score0.00994EPSS
Exploits0References1
Imperva Blog
Imperva Blog
added 2020/02/18 6:27 p.m.1140 views

The Resurrection of PHPUnit RCE Vulnerability

Once a software patch is released, we tend to believe it means “problem solved”. Most of the time, however, this is not actually the case. Fully solving the problem requires all developers to grab the latest patch version and deploy it in their environment. Since upgrading isn’t an especially...

7.5CVSS9.9AI score0.99999EPSS
Exploits19
Imperva Blog
Imperva Blog
added 2020/01/19 3:0 p.m.505 views

Imperva Mitigates Exploits of Citrix Vulnerability – Right Out of the Box

On December 17, Citrix issued a Security Bulletin on an unauthenticated remote code execution vulnerability CVE-2019-19781 affecting its Citrix Application Delivery Controller ADC - formerly known as NetScaler ADC - and its Citrix Gateway - formerly known as NetScaler Gateway. At the time of the...

7.5CVSS10AI score0.99999EPSS
Exploits48
ThreatPost
ThreatPost
added 2013/10/02 10:4 a.m.35 views

Researchers Ponder When to Notify Users of Public Vulnerability Exploits

BERLIN–Just whispering the words “vulnerability disclosure” within earshot of a security researcher or vendor security response team members can put you in fear for your life these days. The debate is so old and worn out that there is virtually nothing new left to say or chew on at this point...

9.3CVSS0.3AI score0.75458EPSS
Exploits11References1
Rows per page
Query Builder