Aggregator

A vulnerability classified as very critical has been found in Ivanti Endpoint Manager. Affected by this issue is some unknown functionality. Performing manipulation results in absolute path traversal. This vulnerability was named CVE-2024-13160. The attack may be initiated remotely. In addition, an exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as very critical was found in Ivanti Endpoint Manager. This affects an unknown part. Executing manipulation can lead to absolute path traversal. The identification of this vulnerability is CVE-2024-13159. The attack may be launched remotely. Furthermore, there is an exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as very critical, has been found in Ivanti Endpoint Manager. This vulnerability affects unknown code. The manipulation leads to absolute path traversal. This vulnerability is referenced as CVE-2024-13161. Remote exploitation of the attack is possible. Furthermore, an exploit is available. It is advisable to upgrade the affected component.

A vulnerability labeled as problematic has been found in Mitel MiCollab up to 9.8 SP2. Affected by this issue is some unknown functionality. The manipulation results in information disclosure. This vulnerability is known as CVE-2024-55550. Attacking locally is a requirement. Furthermore, an exploit is available.

A vulnerability classified as critical was found in BeyondTrust Remote Support & Privileged Remote Access up to 24.3.1. Impacted is an unknown function. The manipulation results in os command injection. This vulnerability is identified as CVE-2024-12686. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in Palo Alto Networks Cloud NGFW and PAN-OS and classified as problematic. The impacted element is an unknown function of the component DNS Security. Executing manipulation can lead to improper check for unusual conditions. The identification of this vulnerability is CVE-2024-3393. The attack may be launched remotely. Furthermore, there is an exploit available. It is suggested to upgrade the affected component.

A vulnerability classified as critical has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. This affects an unknown part of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to os command injection. This vulnerability is traded as CVE-2024-12987. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability categorized as critical has been discovered in GeoVision GV-VS12, GV-VS11, GV-DSP_LPR_V3, GVLX 4 V2 and GVLX 4 V3. The affected element is an unknown function. Such manipulation leads to os command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2024-11120. The attack can be launched remotely. Moreover, an exploit is present. It is best to exchange the affected component with an alternative.

A vulnerability was found in Apple Safari on Intel. It has been rated as critical. This vulnerability affects unknown code of the component Web Content Handler. Performing manipulation results in Remote Code Execution. This vulnerability was named CVE-2024-44308. The attack may be initiated remotely. In addition, an exploit is available. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in Apple macOS on Intel. This issue affects some unknown processing of the component Web Content Handler. Executing manipulation can lead to Remote Code Execution. The identification of this vulnerability is CVE-2024-44308. The attack may be launched remotely. Furthermore, there is an exploit available. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Apple iOS and iPadOS on Intel. Impacted is an unknown function of the component Web Content Handler. The manipulation leads to Remote Code Execution. This vulnerability is referenced as CVE-2024-44308. Remote exploitation of the attack is possible. Furthermore, an exploit is available. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Apple visionOS on Intel. The affected element is an unknown function of the component Web Content Handler. The manipulation results in Remote Code Execution. This vulnerability is identified as CVE-2024-44308. The attack can be executed remotely. Additionally, an exploit exists. The affected component should be upgraded.

MITRE ATT&CK v18 is deprecating Defense Evasion (TA0005). Learn about the new Stealth and Impair Defenses tactics and what SOC teams need to do next.

The post MITRE ATT&CK is Deprecating a Tactic: 3 Takeaways from the “Defense Evasion” Break-up appeared first on D3 Security.

The post MITRE ATT&CK is Deprecating a Tactic: 3 Takeaways from the “Defense Evasion” Break-up appeared first on Security Boulevard.

TP-Link has made firmware updates available for a broad range of Omada gateway models to address four vulnerabilities, among which a critical pre-auth OS command injection. [...]

A sophisticated threat campaign has emerged targeting Russia’s public sector and critical industries between May and August 2025. The Cavalry Werewolf APT group, also known as YoroTrooper and Silent Lynx, has been actively deploying custom-built malware toolsets through highly targeted phishing operations that exploit trusted governmental relationships. The campaign focuses on organizations within energy, mining, […]

The post Cavalry Werewolf APT Hackers Attacking Multiple Industries with FoalShell and StallionRAT appeared first on Cyber Security News.

Silicon Valley Startup Focuses on Discovery and Governance of Non-Human Identities
With $30.75 million in Series B funding, Defakto aims to strengthen non-human identity security across AI workloads and cloud platforms. The Silicon Valley-based startup plans to deepen discovery, governance and enterprise integrations, while expanding its go-to-market strategy.

Active Measures Teams Rapidly Springboarding From Current Events, Find Researchers
After Russian drones violated Polish airspace last month, multiple pro-Kremlin information operations teams sprang into action to advance pro-Moscow narratives that distorted the facts, as part of a hybrid operation designed to destabilize Poland, and NATO support for Ukraine, said experts.

Silicon Valley Startup Focuses on Discovery and Governance of Non-Human Identities
With $30.75 million in Series B funding, Defakto aims to strengthen non-human identity security across AI workloads and cloud platforms. The Silicon Valley-based startup plans to deepen discovery, governance and enterprise integrations, while expanding its go-to-market strategy.

Active Measures Teams Rapidly Springboarding From Current Events, Find Researchers
After Russian drones violated Polish airspace last month, multiple pro-Kremlin information operations teams sprang into action to advance pro-Moscow narratives that distorted the facts, as part of a hybrid operation designed to destabilize Poland, and NATO support for Ukraine, said experts.

Are You Safeguarding Non-Human Identities Effectively in Your Cloud Environment? Enterprises often ask whether their secrets security strategy is truly adaptable. Traditionally, cybersecurity has revolved around human identities, but the rise of digital transformation has cast a spotlight on Non-Human Identities (NHIs). These machine identities, comprising encrypted secrets such as tokens or keys, serve as […]

The post How Adaptable is Your Secrets Security Strategy? appeared first on Entro.

The post How Adaptable is Your Secrets Security Strategy? appeared first on Security Boulevard.