Critical GitHub Enterprise Server Auth Bypass bug. Fix it now!
Critical GitHub Enterprise Server Authentication Bypass bug. Fix it now! Pierluigi Paganini May 22, 2024 GitHub addressed a vulnerability in the GitHub Enterprise Server (GHES)…
Month: May 2024
EPA Warns Of Cyber Attacks & Vulnerabilities In Water System
The U.S. Environmental Protection Agency (EPA) has sent an enforcement warning about the serious cyber threats and holes in community drinking water systems. The National…
7 Strategies for Enhanced Blended Learning
Blended learning, a method that melds in-person teaching with online learning, has become increasingly popular recently. This innovative educational approach does not combine the advantages…
Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849)
Veeam has patched four vulnerabilities in Backup Enterprise Manager (VBEM), one of which (CVE-2024-29849) may allow attackers to bypass authentication and log in to its…
GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack
Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what’s called a…
The mutual benefits of bug bounty programs
Bug bounty programs are a pivotal tool in the cybersecurity landscape, offering a win-win situation for organizations looking to boost their security posture. But they…
Ivanti Endpoint Manager SQL Injection Flaw
Multiple vulnerabilities involving SQL injection have been identified in Ivanti Endpoint Manager. These vulnerabilities could potentially enable malicious actors to carry out various unauthorized actions,…
CyberArk CORA AI accelerates identity threat detection
CyberArk announced CyberArk CORA AI, a new set of AI-powered capabilities that will be embedded across its identity security platform. CORA AI will translate vast…
CyberNiggers Group Plans New Site Post BreachForums Shutdown
The CyberNiggers hacker group plans to set up a new web domain of their own after they lost the ability to publicly communicate following the…
OmniVision disclosed a data breach after the 2023 Cactus ransomware attack
OmniVision disclosed a data breach after the 2023 Cactus ransomware attack Pierluigi Paganini May 22, 2024 The digital imaging products manufacturer OmniVision disclosed a data breach…
Critical Flaw In Confluence Server Let Attackers Execute Arbitrary Code
The widely used team workspace corporate wiki Confluence has been discovered to have a critical remote code execution vulnerability. This vulnerability has been assigned with…
MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks
May 22, 2024NewsroomVulnerability / Data Breach An unknown threat actor is exploiting known security flaws in Microsoft Exchange Server to deploy a keylogger malware in…