Vulnerabilities | News, how-tos, features, reviews, and videos
The US cybersecurity agency added another BeyondTrust vulnerability to its known exploited vulnerabilities catalog.
The advisory from the cybersecurity company follows a report from security researchers who observed exploits in the wild in early December as part of a widespread campaign.
Vulnerability revealed by Ivanti has been exploited by the same group that targeted Connect Secure from January 2024.
The company urged admins to immediately patch their firewalls to fend off threats of easy exploitation.
Authorities reveal advanced cyber tactics exploiting tools such as Windows Sandbox and Visual Studio Code, urging immediate defensive measures.
The software maker announced that a stack-based buffer overflow flaw in its SSL VPN appliance has been exploited in the wild. Ivanti Policy Secure and Ivanti Neurons for ZTA gateways are also impacted.
Eclypsium security researchers have uncovered UEFI vulnerabilities in the Illumina iSeq 100 DNA sequencer, but the broader issue involves the device development process at large.
CISA added the flaws to its known vulnerability catalog, recommending swift patching pursuant to Binding Operational Directive (BOD) 22-01.
Large language models (LLMs) are proving to be valuable tools for discovering zero-days, bypassing detection, and writing exploit code — thereby lowering the barrier to entry for pen-testers and attackers alike.
The flaw could allow attackers to bypass Nuclei’s template signature verification process to inject malicious codes into host systems.