Cacti XSS Vulnerability Let Attacker Poison Database
A Stored Cross-Site Scripting (Stored XSS) vulnerability was recently discovered in Cacti that allows an authenticated user to poison the data stored in Cacti’s database. Moreover,…
Latest Cybersecurity News — Page 5147
View all →
Global Ticket Giant Hacked: Attackers Accessed Customers Data
A Global Ticketing Giant company, See Tickets, recently reported a data breach that exposed the payment card information of over 300,000 customers. See Tickets, owned by Vivendi…
Threat Actors Alter DGA Patterns to Improve C2 Communication
A Domain Generation Algorithm (DGA) creates numerous domain names, serving as meeting points for malware C&C servers. DGAs help malware evade security measures by generating…
Multiple ArubaOS Vulnerabilities – Attackers Execute Arbitrary Code
Multiple vulnerabilities have been discovered in Aruba 9200 and 9000 Series Controllers and Gateways running ArubaOS. The vulnerabilities related to Buffer Overflow and Hardware Root…
Researchers Pre-trained LLM Agents Acting as Human Penetration Testers
LLMs have already shown their exceptional abilities in mimicking human text abilities, but their potential reaches further. They now show promise in planning and open-world…
SSO Implementation Vulnerability In Cisco Broadworks
A single sign-on (SSO) implementation flaw in the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform might make it possible for a…
iPhone Zero-Day Exploited in the Wild to Install Malware
Researchers discovered an actively exploited zero-click vulnerability that was part of an exploit chain aimed at deploying NSO Group’s Pegasus malware. One of the most…
Apple Discloses 2 Zero-Day Flaws Exploited to Hack iPhones & Mac
Two Zero-Day flaws have been discovered on Apple Devices affecting macOS, iOS, and iPadOS. The vulnerabilities involve an arbitrary code execution and a buffer overflow.…
Google rolls out Privacy Sandbox to use Chrome browsing history for ads
Google has started to roll out its new interest-based advertising platform called the Privacy Sandbox, shifting the tracking of user’s interests from third-party cookies to…
Cisco Identity Services Engine Flaw Let Attacker Trigger DoS Condition
Cisco addressed high-impact vulnerability CVE-2023-20243 in the Cisco Identity Services Engine (ISE), allowing attackers to stop processing Radius packets. This vulnerability, with a base score of…
Hackers Steal NTLMv2 Hashes using Custom Powershell Scripts
A new sophisticated stealing campaign named “Steal-It” has been discovered that exfiltrates NTLMv2 hashes using customized versions of Nishang’s Start-CaptureServer PowerShell script. It is believed…
US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog
US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog Pierluigi Paganini September 09, 2023 US CISA added critical vulnerability CVE-2023-33246 in Apache RocketMQ…