Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware

Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware

Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated attacker Read more…

Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack

Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack

Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack Palo Alto Networks has shared more details of a critical security flaw impacting PAN-OS that has come under active exploitation in the wild by malicious actors. The company described the vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), as “intricate” and a combination of Read more…

Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining

Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining

Critical Unpatched Ray AI Platform Vulnerability Exploited for Cryptocurrency Mining Cybersecurity researchers are warning that threat actors are actively exploiting a “disputed” and unpatched vulnerability in an open-source artificial intelligence (AI) platform called Anyscale Ray to hijack computing power for illicit cryptocurrency mining. “This vulnerability allows attackers to take over Read more…

AWS Patches Critical 'FlowFixation' Bug in Airflow Service to Prevent Session Hijacking

AWS Patches Critical 'FlowFixation' Bug in Airflow Service to Prevent Session Hijacking

AWS Patches Critical 'FlowFixation' Bug in Airflow Service to Prevent Session Hijacking Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Apache Airflow (MWAA) that could be potentially exploited by a malicious actor to hijack victims’ sessions and achieve remote code Read more…

Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool

Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool

Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a Read more…