Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access

Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access

Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances. The critical Read more…

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access A critical security vulnerability has been disclosed in SailPoint’s IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory. The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum severity. Read more…

Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers

Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers

Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May Read more…

Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks

Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks

Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and Read more…

HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities

HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities

HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities Hewlett Packard Enterprise (HPE) has released security updates to address multiple vulnerabilities impacting Aruba Networking Access Point products, including two critical bugs that could result in unauthenticated command execution. The flaws affect Access Points running Instant AOS-8 and AOS-10 – Read more…

Palo Alto Networks Vulnerability

CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability

CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability Nov 08, 2024Ravie LakshmananVulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active Read more…

Vulnerability in Industrial Wireless Systems

Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems

Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems Nov 07, 2024Ravie LakshmananVulnerability / Wireless Technology Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul (URWB) Access Points that could permit unauthenticated, remote attackers to run commands with elevated privileges. Tracked Read more…

NAS Devices

Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices

Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices Nov 05, 2024Ravie LakshmananVulnerability / Data Security Taiwanese network-attached storage (NAS) appliance maker Synology has addressed a critical security flaw impacting DiskStation and BeePhotos that could lead to remote code execution. Tracked as CVE-2024-10443 and dubbed RISK:STATION Read more…