Lucene search
K

184 matches found

GithubExploit
GithubExploit
added 2021/12/13 7:14 p.m.905 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

l4j-info Compiling valuable links as I find them documenting C...

10CVSS9.5AI score0.99999EPSS
Exploits349
Qualys Blog
Qualys Blog
added 2021/12/10 7:30 p.m.969 views

CVE-2021-44228: Apache Log4j2 Zero-Day Exploited in the Wild (Log4Shell)

Update Take advantage of our free service to quickly detect vulnerabilities in your external attack surface. Visit qualys.com/was-log4shell-help to get started. Update – December 22, 2021 7:53 PM ET A bug in external scanners could result in false negatives when unauthenticated Log4Shell scans we...

9.3CVSS0.6AI score0.99999EPSS
Exploits352
Rapid7 Blog
Rapid7 Blog
added 2021/11/30 7:3 p.m.271 views

Ongoing Exploitation of Windows Installer CVE-2021-41379

CVE | Vendor Advisory | AttackerKB | IVM Content | Patching Urgency | Last Update ---|---|---|---|---|--- CVE-2021-41379 | Microsoft Advisory | AttackerKB | Scheduled when patched | ASAP when released | December 3, 2021 3:00 PM ET See the Updates section at the end of this post for new informatio...

4.6CVSS0.4AI score0.67252EPSS
Exploits11
The Hacker News
The Hacker News
added 2021/11/25 8:10 a.m.725 views

Warning — Hackers Exploiting New Windows Installer Zero-Day Exploit in the Wild

Attackers are actively making efforts to exploit a new variant of a recently disclosed privilege escalation vulnerability to potentially execute arbitrary code on fully-patched systems, once again demonstrating how adversaries move quickly to weaponize a publicly available exploit. Cisco Talos...

7.8CVSS8.4AI score0.20255EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2021/11/15 10:14 a.m.45 views

A week in security (Nov 8 – Nov 14)

Last week on Malwarebytes Labs Multiple video games break after domain name snafu How to remove adware on an Android phone Smart TV adverts put a wrinkle in your programming Are cybercriminals turning away from the US and targeting Europe instead? Patch now! Microsoft plugs actively exploited...

10CVSS9.2AI score0.9116EPSS
Exploits2
The Hacker News
The Hacker News
added 2021/10/05 2:53 p.m.103 views

Apache Warns of Zero-Day Exploit in the Wild — Patch Your Web Servers Now!

Apache has issued patches to address two security vulnerabilities, including a path traversal and file disclosure flaw in its HTTP server that it said is being actively exploited in the wild. "A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could...

7.5CVSS8.3AI score0.99992EPSS
Exploits148
ThreatPost
ThreatPost
added 2021/09/13 10:10 p.m.121 views

Apple Issues Emergency Fix for NSO Zero-Click Zero Day

Apple users should immediately update all their devices – iPhones, iPads, Macs and Apple Watches – to install an emergency patch for a zero-click zero-day exploited by NSO Group to install spyware. The security updates, pushed out by Apple on Monday, include iOS 14.8 for iPhones and iPads, as wel...

7.8CVSS7.4AI score0.75994EPSS
Exploits2References16
Malwarebytes
Malwarebytes
added 2021/09/13 12:33 p.m.19 views

A week in security (Sept 6 – Sept 12)

Last week on Malwarebytes Labs Apple delays plans to search devices for child abuse imagery. ProtonMail hands user’s IP address and device info to police, showing the limits of private email. Patch now! Netgear fixes serious smart switch vulnerabilities. Tor vs VPN—What is the difference? Windows...

7.4AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2021/07/02 7:13 p.m.15 views

Episode 124: PrintNightmare 0Day Exploit Accidentally Leaked Online

Security researchers accidentally leaked zero-day exploit code for a new Windows bug, now called PrintNightmare, while easily exploitable vulnerabilities in the ProfilePress plugin, previously called WP User Avatar, were patched quickly. An unprotected cloud database containing over 814 million...

7.9AI score
Exploits0
Securelist
Securelist
added 2021/06/08 5:32 p.m.410 views

PuzzleMaker attacks with Chrome zero-day exploit chain

On April 14-15, 2021, Kaspersky technologies detected a wave of highly targeted attacks against multiple companies. Closer analysis revealed that all these attacks exploited a chain of Google Chrome and Microsoft Windows zero-day exploits. While we were not able to retrieve the exploit used for...

9.3CVSS9.3AI score0.80263EPSS
Exploits12
The Hacker News
The Hacker News
added 2021/03/29 12:30 a.m.49 views

PHP's Git Server Hacked to Insert Secret Backdoor to Its Source code

In yet another instance of a software supply chain attack, unidentified actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a secret backdoor into its source code. The two malicious commits were pushed to the self-hosted "php-src"...

0.1AI score
Exploits0
ThreatPost
ThreatPost
added 2021/02/18 5:59 p.m.175 views

Exploit Details Emerge for Unpatched Microsoft Bug

New details have emerged about an unpatched security vulnerability in Microsoft’s Internet Explorer that was recently used in a complex campaign against security researchers. A fresh analysis from 0patch offers further insight into where the bug exists and how it can be triggered in real-world...

8AI score
Exploits0References6
The Hacker News
The Hacker News
added 2021/02/10 4:44 a.m.6 views

Microsoft Issues Patches for In-the-Wild 0-day and 55 Others Windows Bugs

Microsoft on Tuesday issued fixes for 56 flaws, including a critical vulnerability that's known to be actively exploited in the wild. In all, 11 are listed as Critical, 43 are listed as Important, and two are listed as Moderate in severity — six of which are previously disclosed vulnerabilities...

9.8CVSS8.1AI score0.8621EPSS
Exploits26
The Hacker News
The Hacker News
added 2021/01/29 2:59 p.m.4 views

Google uncovers new iOS security feature Apple quietly added after zero-day attacks

Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed "BlastDoor ," the improved sandbox system for iMessage data was...

5.9AI score
Exploits0
The Hacker News
The Hacker News
added 2020/10/21 4:26 p.m.5 views

New Chrome 0-day Under Active Attacks – Update Your Browser Now

Attention readers, if you are using Google Chrome browser on your Windows, Mac, or Linux computers, you need to update your web browsing software immediately to the latest version Google released earlier today. Google released Chrome version 86.0.4240.111 today to patch several security...

9.6CVSS7.6AI score0.5063EPSS
Exploits2
ThreatPost
ThreatPost
added 2020/09/14 4:1 p.m.269 views

Magecart Attack Impacts More Than 10K Online Shoppers

One of the largest known Magecart campaigns to date took place over the weekend, with nearly 2,000 e-commerce sites hacked in an automated campaign that may be linked to a zero-day exploit. The attacks have impacted tens of thousands of customers, who had their credit-card and other information...

8.3AI score0.0552EPSS
Exploits1References8
The Hacker News
The Hacker News
added 2020/06/26 1:53 p.m.3 views

'Satori' IoT DDoS Botnet Operator Sentenced to 13 Months in Prison

The United States Department of Justice yesterday sentenced a 22-year-old Washington-based hacker to 13 months in federal prison for his role in creating botnet malware, infecting a large number of systems with it, and then abusing those systems to carry out large scale distributed...

8.8CVSS7.5AI score0.7861EPSS
Exploits2
ThreatPost
ThreatPost
added 2020/06/02 1:53 p.m.7841 views

Apple Jailbreak Zero-Day Gets a Patch

Apple quietly pushed out a small but important update for operating systems across all of its devices, including a patch for a zero-day exploit used in an iPhone jailbreak tool released last week. In its notes for the release, Apple says very little else about the patches overall that it pushed o...

7.2CVSS8.1AI score0.0552EPSS
Exploits1References16
ThreatPost
ThreatPost
added 2020/05/26 12:10 p.m.42 views

New iOS Jailbreak Tool Works on iPhone Models iOS 11 to iOS 13.5

A hacker team has released a new method to jailbreak iPhones that they claim uses a zero-day exploit that allows them to jailbreak iPhones running iOS 11 through Apple’s most recent version of its mobile operating system – iOS 13.5. Calling it a “big milestone for jailbreaking,” one of its...

6.9AI score
Exploits0References13
The Hacker News
The Hacker News
added 2020/05/25 8:2 a.m.459 views

New Tool Can Jailbreak Any iPhone and iPad Using An Unpatched 0-Day Bug

The hacking team behind the "unc0ver" jailbreaking tool has released a new version of the software that can unlock every single iPhone, including those running the latest iOS 13.5 version. Calling it the first zero-day jailbreak to be released since iOS 8, unc0ver's lead developer Pwn20wnd said...

9.3CVSS8AI score0.17438EPSS
Exploits6
Rows per page
Query Builder