GoIssue is a new, sophisticated phishing tool targeting GitHub users, allowing hackers to collect email addresses from GitHub profiles and launch large-scale phishing attacks. This tool poses a serious threat to GitHub users, especially developers and organizations. Uncovered by cybersecurity…
Fortinet has released security updates for several of its products—FortiOS, FortiAnalyzer, FortiManager, and FortiClient for Windows. If these vulnerabilities are not patched, attackers could gain full control of the compromised systems. One of the most severe vulnerabilities, identified as CVE-2024-47575,…
SAP (Systems, Applications, and Products in Data Processing) is an international company and a leader in corporate software, offering integrated solutions to automate and manage business processes. Founded in Germany in 1972, SAP is now one of the largest producers…
Hackers are currently exploiting a critical vulnerability in Veeam Backup & Replication software to distribute a new ransomware strain called “Frag.” This vulnerability, tracked as CVE-2024-40711, allows unauthenticated remote code execution. It has a severity score of 9.8 out of…
WSO2 announced the discovery of critical vulnerabilities in its “API Manager” and “Identity Server” products. These vulnerabilities allow bypassing authentication mechanisms or resetting user passwords. This situation can particularly put high-level accounts, such as administrators, at risk. The risk could…
A critical security vulnerability has been identified in D-Link NAS (Network-Attached Storage) devices. If exploited, this vulnerability could allow attackers to execute malicious code on the devices, posing a serious threat to system and data security. The vulnerability, identified as…
A critical vulnerability has been identified in the Admin Server component of Apache ZooKeeper, potentially allowing attackers to gain unauthorized access to vulnerable systems. This vulnerability, registered as CVE-2024-51504 with a risk score of 9.1, arises in the IPAuthenticationProvider component…
A critical vulnerability has been identified in Drupal’s Basic HTTP Authentication module. This vulnerability allows attackers to bypass the access restrictions set by the module, potentially exposing sensitive content or resources to risk. This vulnerability, designated as SA-CONTRIB-2024-057, pertains to…
A new and critical vulnerability has been identified in the Veeam Backup Enterprise Manager (VBEM) system. This vulnerability could allow attackers to gain unauthorized access to the system, posing a risk to the confidentiality and integrity of backup data. Vulnerability…
Multiple critical vulnerabilities have been discovered in the Cisco AnyConnect VPN server, affecting Cisco Meraki MX and Z Series Teleworker Gateway devices. These vulnerabilities could allow unauthenticated, remote attackers to cause a Denial of Service (DoS) condition on the affected…