Ransomware Attackers Are Weaponizing PHP Flaw to Infect Web Servers

Security researchers revealed that ransomware attackers have swiftly turned a simple-to-exploit PHP programming language vulnerability—which allows malicious code to be executed on web servers—into a weapon. As of Thursday last week, Censys’ Internet scans had found 1,000 servers infected…

RegreSSHion Vulnerability Exposes Linux Systems to RCE Attacks

itsecuritynews.info - 03/Jul 15:34

Researchers revealed a signal handler race condition RegreSSHion vulnerability that puts OpenSSH servers at risk. The flaw is tracked as CVE-2024-6387...

RegreSSHion CVE-2024-6387: A Targeted Exploit in the Wild

itsecuritynews.info - 03/Jul 14:32

A critical security flaw, known as regression and cataloged under CVE-2024-6387, has been identified in OpenSSH, just a few days ago. This...

Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released

bleepingcomputer.com - 26/Jun 16:56

The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue...

SolarWinds Serv-U Vulnerability Under Active Attack – Patch Immediately

itsecuritynews.info - 21/Jun 09:34

A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild....

Ollama drama as ‘easy-to-exploit’ critical flaw found in open source AI server

itsecuritynews.info - 24/Jun 21:07

About a thousand vulnerable instances still exposed online, we’re told A now-patched vulnerability in Ollama – a popular open source project for...

Microsoft discloses 2 flaws in Rockwell Automation PanelView Plus

securityaffairs.co - 08:20

Microsoft discovered two flaws in Rockwell Automation PanelView Plus that remote, unauthenticated attackers could exploit. Microsoft responsibly...

Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769

securityaffairs.co - 01/Jul 07:14

Experts spotted threat actors exploiting the critical vulnerability CVE-2024-0769 affects all D-Link DIR-859 WiFi routers. Researchers from...

Ghostscript Vulnerabilities Patched in Recent Ubuntu Updates

itsecuritynews.info - 12:32

Canonical has released Ubuntu security updates to address several Ghostscript vulnerabilities identified by security researchers. These...

Threat actors are actively exploiting SolarWinds Serv-U bug CVE-2024-28995

securityaffairs.co - 23/Jun 08:23

Threat actors are actively exploiting a recently discovered vulnerability in SolarWinds Serv-U software using publicly available proof-of-concept...

If you’re using Polyfill.io code on your site – like 100,000+ are – remove it immediately

itsecuritynews.info - 26/Jun 00:04

Scripts turn malicious, infect webpages after Chinese CDN swallows domain The polyfill.io domain is being used to infect more than 100,000 websites...

Rubriques :