23 matches found
PT-2026-39534
Critical cPanel vulnerabilities CVE-2026-41940, CVE-2026-41941, CVE-2026-41942 exploited in the wild. Update your servers immediately to protect against unauthorized access. Link: https://t.co/BvY5rEh9wr cPanel Cybersecurity Vulnerabilities Exploits Patching Servers Security Infosec Malware Threa...
CVE-2025-10539
Due to improper TLS certificate validation in the DeskTime Time Tracking App before version 1.3.674, attackers who can position themselves in the network path between the client and the DeskTime update servers can return a malicious executable in response to an update request. This allows the...
PT-2026-25916
JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification...
CVE-2025-65855
The CVE-2025-65855 entry concerns Netun Solutions HelpFlash IoT. The OTA firmware update mechanism (firmware v18_178_221102_ASCII_PRO_1R5_50) uses hard-coded WiFi credentials shared across devices and does not authenticate update servers or validate firmware signatures. An attacker with brief phy...
Tick Launches Attack on East Asian Data-Loss Prevention Software Company
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Tick, an APT group, attacked an East Asian data-loss prevention software company, compromising update servers and distributing malware, using trojanized installers, to access computers of government and...
Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company
A cyberespionage actor known as Tick has been attributed with high confidence to a compromise of an East Asian data-loss prevention DLP company that caters to government and military entities. "The attackers compromised the DLP company's internal update servers to deliver malware inside the...
PVS 1912:Unable to merge vdisk "vDisk versions are not up to date on all Servers that access this vDisk. Update all "
Unable to merge the old versions of vdisk. Error message when we attempt merge: "vDisk versions are not up to date on all Servers that access this vDisk. Update all Servers with the lastest versions of the vDisk files"...
Hotfix XS82E030 - For Citrix Hypervisor 8.2
Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2. Information About this Hotfix Component| Details ---|--- Prerequisite| None Post-update tasks| Restart Host Content live patchable| Yes Baselines for Live Patch| XS82E024 Revision History| Published on J...
CVE-2021-29504
WP-CLI (WordPress CLI) vulnerability CVE-2021-29504 arises from improper error handling in HTTPS requests in WP_CLI\Utils\http_request(). On TLS handshake errors, the older default disabled certificate validation, allowing a remote attacker to intercept traffic, impersonate update servers, and pu...
Improper Certificate Validation in WP-CLI framework
Impact An improper error handling in HTTPS requests management in WP-CLI version 0.12.0 and later allows remote attackers able to intercept the communication to remotely disable the certificate verification on WP-CLI side, gaining full control over the communication content, including the ability...
Defending the power grid against supply chain attacks—Part 1: The risk defined
Most people don’t think about electricity. If the internet works, their food is refrigerated, and their debit card is approved, why should they? Its ubiquity and reliability render it invisible—a bit of magic that powers much of modern life. That is, until a large storm passes through. Localized...
The vulnerability of the Apache SpamAssassin spam filtering software lies in its failure to address the neutralization of special elements used in the operating system command line. This allows attackers to execute arbitrary commands on the target system.
The vulnerability of the Apache SpamAssassin spam filtering software exists because measures are not taken to neutralize special elements used in the operating system’s command line. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the target system by loadi...
CVE-2017-14090
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted...
CVE-2017-14090
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted...
Design/Logic Flaw
A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in which some communications to the update servers are not encrypted...
CVE-2017-9035
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers...
CVE-2017-9035
Trend Micro ServerProtect for Linux 3.0 (pre-CP 1531) is affected by multiple vulnerabilities in its update mechanism, including: unencrypted update communications allowing eavesdropping and tampering (CVE-2017-9035); unsigned/unvalidated update packages enabling overwrites of libraries and poten...
Blackphone Bug Bounty Program Launches on Bugcrowd
During DEF CON in August, Twitter became the preferred medium for submitting bugs found in secure smartphone Blackphone, including one high-profile claim on the social network that the phone had been rooted. That wasn’t the final straw that led to today’s announcement of a bug bounty, rather it w...
CVE-2013-1651
OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof update servers and install arbitrary software via a crafted certificate...
Open redirect
OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof update servers and install arbitrary software via a crafted certificate...