Vulert

Modern applications are at security risk because of open-source software.

Without having access to your codebase: We notify you if a SECURITY ISSUE is found in any of the open-source software you use.

Critical FreeBSD Security Patch Released for High-Severity OpenSSH Vulnerability (CVE-2024-7589) - Vulert 12/08/2024

🚨 Important Security Update for FreeBSD Users! 🚨

A critical vulnerability (CVE-2024-7589) in OpenSSH has been patched by the FreeBSD Project. This flaw could allow remote attackers to execute code with root privileges, so it's crucial to update your systems immediately.

🔗 https://vulert.com/blog/freebsd-openssh-vulnerability-patch/

Critical FreeBSD Security Patch Released for High-Severity OpenSSH Vulnerability (CVE-2024-7589) - Vulert Stay secure with the latest FreeBSD update addressing a high-severity OpenSSH flaw (CVE-2024-7589).

Critical Android Kernel Vulnerability Exposes Devices to Exploitation - Vulert 06/08/2024

🚨 Android Security Alert! 🚨

Google has patched CVE-2024-36971, a critical Android kernel vulnerability. Protect your devices from this actively exploited threat.

Learn more: https://vulert.com/blog/android-kernel-vulnerability-patch/

Critical Android Kernel Vulnerability Exposes Devices to Exploitation - Vulert Discover the latest Android kernel vulnerability, CVE-2024-36971, patched by Google. Learn about its impact, exploitation, and how to protect your devices.

02/08/2024

🦸‍♂️😎 Vulert

Visit vulert.com to proactively monitor your supply chain.

UK Govt Links 2021 Electoral Commission Breach to Exchange Server Vulnerability - Vulert 31/07/2024

🚨 Breaking News: The UK Government links the 2021 Electoral Commission breach to unpatched Exchange Server vulnerabilities, exposing the data of 40 million people. This underscores the need for timely security updates and strong cybersecurity measures.



🔗 Read more:

UK Govt Links 2021 Electoral Commission Breach to Exchange Server Vulnerability - Vulert Discover how unpatched ProxyShell vulnerabilities led to the 2021 UK govt Electoral Commission breach, exposing personal information of 40 million people.

Docker Authentication Bypass Flaw Fixed: Critical 5-Year-Old Vulnerability Addressed - Vulert 26/07/2024

🚨 Critical Docker Security Alert! 🚨

Docker has fixed a 5-year-old authentication bypass flaw (CVE-2024-41110) that could allow attackers to bypass authorization plugins. Make sure to update your systems to the latest versions immediately!

Learn more: https://vulert.com/blog/docker-authentication-bypass-flaw/

Docker Authentication Bypass Flaw Fixed: Critical 5-Year-Old Vulnerability Addressed - Vulert Docker addresses a critical 5-year-old authentication bypass flaw. Learn about the vulnerability and how to protect your Docker environment.

Telegram Zero-Day Allowed Sending Malicious Android APKs as Videos - Vulert 24/07/2024

🚨 Cyber Alert: Telegram Zero-Day Vulnerability 🚨

A critical Telegram zero-day exploit allowed attackers to send malicious APKs disguised as videos. The flaw, affecting Telegram v10.14.4 and older, has now been patched in version 10.14.5.

🔗 Read more: https://vulert.com/blog/telegram-zero-day-apk-videos/

Telegram Zero-Day Allowed Sending Malicious Android APKs as Videos - Vulert Discover the details of the Telegram zero-day vulnerability, 'EvilVideo,' which allowed attackers to send malicious APKs disguised as videos. Learn how this exploit was addressed and how to protect your device.

CrowdStrike Issue Causes Major Outage Affecting Businesses Worldwide - Vulert 20/07/2024

🚨 Major IT Outage Due to CrowdStrike Update 🚨
A recent CrowdStrike update led to a significant IT outage, affecting businesses globally. Key sectors impacted include airlines, healthcare, and financial services. The issue has been identified and fixed, but recovery efforts are ongoing.

Stay informed and prepared by visiting our blog for the full details and expert insights on how to navigate such disruptions.



Read more here:

CrowdStrike Issue Causes Major Outage Affecting Businesses Worldwide - Vulert A major IT outage caused by a CrowdStrike update affected businesses globally, disrupting airlines, healthcare, financial services, and more. Learn about the incident, response, and recovery efforts.

Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP - Vulert 17/07/2024

🚨 Critical Apache HugeGraph Vulnerability Under Attack! 🚨

A severe flaw (CVE-2024-27348) is being exploited. Upgrade to version 1.3.0 now to secure your systems.

Read more: https://vulert.com/blog/apache-hugegraph-vulnerability/

Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP - Vulert Discover the critical Apache HugeGraph vulnerability under attack and learn how to protect your systems from remote code execution exploits. Patch your software now!

Kaspersky Shutting Down U.S. Operations - Vulert 16/07/2024

Kaspersky is shutting down U.S. operations starting July 20, 2024, due to sanctions and security concerns. This impacts the cybersecurity landscape significantly.

👉 Read more: https://vulert.com/blog/kaspersky-shutting-down-u-s-operations/

Kaspersky Shutting Down U.S. Operations - Vulert Discover why Kaspersky is shutting down its business in the U.S. and the implications of recent sanctions.

GitHub Token Leak Exposes Python's Core Repositories to Potential Attacks - Vulert 16/07/2024

🚨 Security Alert: GitHub Token Leak Exposes Python's Core Repositories 🚨

A leaked GitHub token exposed Python's core repositories to potential attacks. Learn more about the impact and mitigation steps in our latest blog post.

🔗 Read more: https://vulert.com/blog/github-token-leak-python-repositories/

GitHub Token Leak Exposes Python's Core Repositories to Potential Attacks - Vulert Discover how a leaked GitHub token exposed Python's core repositories to potential threats and the measures taken to mitigate the risk.

Massive AT&T Data Breach Exposes Call Logs of 109 Million Customers - Vulert 12/07/2024

🚨 AT&T Data Breach: 109 Million Call Logs Stolen! 🚨

AT&T has confirmed a significant data breach affecting 109 million customers. Learn more about the incident and how AT&T is responding.

👉 https://vulert.com/blog/att-data-breach-109-million/

Massive AT&T Data Breach Exposes Call Logs of 109 Million Customers - Vulert Massive AT&T data breach exposes call logs of 109 million customers. Learn about the breach details, implications, and AT&T's response.

Critical GitLab Vulnerability Allows Attackers to Run Pipelines as Other Users - Vulert 11/07/2024

🚨 GitLab Users: Critical Vulnerability Found! 🚨

A severe flaw (CVE-2024-6385) lets attackers run pipeline jobs as other users. Learn more about the impact and how to protect your systems in our latest blog post.

🔒 Read more: https://vulert.com/blog/critical-gitlab-vulnerability/

Stay updated with Vulert for real-time security insights.

Critical GitLab Vulnerability Allows Attackers to Run Pipelines as Other Users - Vulert Discover the critical GitLab vulnerability CVE-2024-6385 that allows attackers to run pipeline jobs as other users. Learn how to protect your systems and stay updated with Vulert.

Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware - Vulert 03/07/2024

🚨 Alert: Chinese Hackers Exploiting Cisco Switches Zero-Day! 🚨

A China-nexus cyber espionage group known as Velvet Ant is targeting critical infrastructure by exploiting a zero-day vulnerability in Cisco NX-OS switches. This serious threat highlights the need for robust monitoring of network appliances.

Learn more about CVE-2024-20399, the exploitation tactics, and how to stay ahead of potential threats.

🔗 Read more: https://vulert.com/blog/chinese-hackers-exploiting-cisco-switches-zero-day/

Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware - Vulert Discover how the Velvet Ant cyber espionage group is exploiting a zero-day flaw in Cisco switches to deliver malware. Learn about the vulnerability, affected devices, and the importance of monitoring network appliances.

New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems - Vulert 03/07/2024

🚨 Critical OpenSSH Vulnerability (CVE-2024-6387)

A new OpenSSH flaw can lead to remote code execution as root on Linux systems, affecting versions 8.5p1 to 9.7p1. Millions of servers are at risk!

🔒 Action Needed:

Apply the latest security patches.
Limit SSH access and enforce network segmentation.
Learn more: https://vulert.com/blog/openssh-rce-vulnerability-linux/

New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems - Vulert Discover the critical OpenSSH vulnerability CVE-2024-6387, which can lead to remote code execution as root on Linux systems.

Devastating Cyberattack: Cybercriminals Publish NHS Hospital Data Online - Vulert 28/06/2024

🚨 Devastating Cyberattack on NHS Hospitals 🚨

On June 3rd, cybercriminals launched a severe attack on NHS hospitals, stealing and publishing sensitive patient data. This breach has led to the cancellation of operations and disruptions to primary care services.

Stay informed about this critical incident and its impact on healthcare security.

🔗 Read the full story: https://vulert.com/blog/nhs-hospital-cyberattack/

Devastating Cyberattack: Cybercriminals Publish NHS Hospital Data Online - Vulert Discover the impact of the recent cyberattack on NHS hospitals, the stolen data, and the ongoing investigations.

TeamViewer Detects Security Breach in Corporate IT Environment - Vulert 28/06/2024

🚨 TeamViewer Security Breach Alert 🚨

On June 26, 2024, TeamViewer discovered an irregularity in its corporate IT environment. The situation was handled immediately, with no impact on customer data.

Learn more about the incident and its implications in our blog: https://vulert.com/blog/teamviewer-security-breach/

Stay vigilant and informed about the latest in cyber security.

TeamViewer Detects Security Breach in Corporate IT Environment - Vulert TeamViewer identified a security breach in its corporate IT environment. Discover the implications and preventive measures.

Polyfill.io JavaScript Supply Chain Attack Impacts Over 100K Sites - Vulert 28/06/2024

🚨 Polyfill.io Supply Chain Attack Impacts Over 100,000 Sites! 🚨

Over 100,000 websites have been affected by a significant supply chain attack through the Polyfill.io service. This incident highlights the critical need for robust security measures to protect your digital assets.



🔗 Read more: https://vulert.com/blog/polyfillio-supply-chain-attack/

Polyfill.io JavaScript Supply Chain Attack Impacts Over 100K Sites - Vulert Discover how over 100,000 websites were affected by a supply chain attack through the Polyfill.io service. Learn about the implications and how to protect your site from similar threats.

Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw - Vulert 20/06/2024

🚨 Kraken Crypto Exchange Hit by $3 Million Theft 🚨

Kraken recently experienced a significant security breach resulting in a $3 million theft due to a critical zero-day flaw. This incident highlights the ongoing need for robust security measures in the cryptocurrency world.



Read the full story here:

Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw - Vulert Discover the details of the recent $3 million theft from Kraken Crypto Exchange due to a zero-day flaw and the involvement of CertiK. Learn how such incidents emphasize the need for robust security measures.

Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day - Vulert 13/06/2024

🚨 Critical Zero-Day Flaw in Pixel Firmware! 🚨

Google has identified a high-severity vulnerability (CVE-2024-32896) affecting Pixel devices. Ensure your devices are updated to stay protected!

🔗 Read more: https://vulert.com/blog/pixel-firmware-zero-day-flaw/

Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day - Vulert Google has issued a warning about a zero-day security flaw in Pixel Firmware, tagged as CVE-2024-32896, currently under limited, targeted exploitation. Discover the details and learn how Vulert can help protect your systems.

Cyber Criminals Exploit GitHub and FileZilla to Deliver Cocktail Malware - Vulert 20/05/2024

Cybersecurity Update: Cyber criminals are exploiting GitHub and FileZilla to spread stealer malware and banking trojans in a sophisticated campaign. Learn how these threats operate and what steps you can take to protect your systems.

👉 Read more: https://vulert.com/blog/github-filezilla-malware/

Cyber Criminals Exploit GitHub and FileZilla to Deliver Cocktail Malware - Vulert Discover how cyber criminals are exploiting GitHub and FileZilla to deliver stealer malware and banking trojans. Learn about their sophisticated tactics and how to protect your systems with Vulert.

Critical OpenVPN Zero-Day Flaws Affecting Millions of Endpoints Across the Globe - Vulert 08/05/2024

🚨 Critical OpenVPN Security Update!

We've identified major vulnerabilities impacting millions of users. Protect your network:

1) Update OpenVPN now.
2) Limit plugin usage.
3) Regularly audit security.

🔗 Learn more and stay safe: https://vulert.com/blog/critical-openvpn-zero-day-flaws-impact-millions/

Critical OpenVPN Zero-Day Flaws Affecting Millions of Endpoints Across the Globe - Vulert Millions of devices are at risk due to critical zero-day vulnerabilities discovered in OpenVPN. Learn more about the flaws and how to mitigate the risks.

Critical Tinyproxy Flaw Exposes Over 50,000 Hosts to Remote Code Execution (CVE-2023-49606) - Vulert 08/05/2024

🚨 Attention Network Administrators and Cybersecurity Experts! 🚨

A severe vulnerability (CVE-2023-49606) has been discovered in Tinyproxy, affecting over 50,000 servers globally. This critical flaw can enable remote code execution, posing a significant threat to server integrity.

It's crucial to update your systems and check out our latest article for detailed mitigation strategies. Let's keep our digital environments secure!

👉 Read more here: https://vulert.com/blog/tinyproxy-flaw-cve-2023-49606-rce/

Critical Tinyproxy Flaw Exposes Over 50,000 Hosts to Remote Code Execution (CVE-2023-49606) - Vulert Discover the critical Tinyproxy vulnerability (CVE-2023-49606) exposing over 50,000 servers to potential remote code execution. Learn how to protect your server now.

Urgent GitLab Vulnerability Alert: CISA Warns of Active Exploitation - Vulert 02/05/2024

🚨 Critical Update for GitLab Users! 🚨

CISA warns of a severe vulnerability in GitLab currently being exploited. Don't leave your accounts at risk! Learn how to secure your data with our latest insights.

🔗 Dive into our blog for all the details and protective measures: https://vulert.com/blog/cisa-alert-gitlab-vulnerability-exploitation/

Urgent GitLab Vulnerability Alert: CISA Warns of Active Exploitation - Vulert Explore the urgent CISA alert on the active exploitation of a critical GitLab vulnerability (CVE-2023-7028). Learn about its impacts, potential threats, and crucial remediation steps to enhance your cybersecurity defenses against possible account takeovers and data breaches.

New U.K. Legislation Prohibits Default Passwords on Smart Devices Starting April 2024 - Vulert 01/05/2024

🚨 Big news in cybersecurity! 🇬🇧 The UK is stepping up its game by banning default passwords on smart devices starting April 2024. This groundbreaking law aims to close gaps in device security and combat cyber threats more effectively.

🔗 Want to know how this affects you and the tech industry? Check out our detailed breakdown: https://vulert.com/blog/new-uk-law-bans-default-passwords-on-smart-devices/

New U.K. Legislation Prohibits Default Passwords on Smart Devices Starting April 2024 - Vulert Discover how the new U.K. law, effective April 2024, aims to enhance cybersecurity by banning default passwords on smart devices. Learn about the scope, key requirements, and implications of the PSTI Act for manufacturers and consumers.

Millions of Malicious, Imageless Containers Uncovered on Docker Hub - Vulert 30/04/2024

🚨 Attention: We've uncovered a serious threat on Docker Hub: over 4 million malicious "imageless" containers. Learn what this means for you and how to stay safe in our latest blog post. Check it out here: https://vulert.com/blog/millions-malicious-imageless-containers-docker-hub/

Millions of Malicious, Imageless Containers Uncovered on Docker Hub - Vulert Millions of malicious "imageless" containers have been found on Docker Hub. Learn how these containers work, the different attack campaigns, and how to protect yourself.

Exploiting the WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites (CVE-2024-27956) - Vulert 26/04/2024

🔒 Attention WordPress Users! 🔒

We've uncovered a critical vulnerability in the WP-Automatic plugin (CVE-2024-27956) that poses a serious threat to WordPress sites. This vulnerability can allow hackers to create admin accounts and gain control of your site.

Don't wait for an attack! Our latest blog explains the severity of this issue and provides essential steps to secure your site immediately.

Stay safe and proactive in protecting your online presence. Check out the full details and how to protect your site here: https://vulert.com/blog/wp-automatic-plugin-vulnerability-cve-2024-27956/

Exploiting the WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites (CVE-2024-27956) - Vulert Discover how hackers exploit a critical vulnerability (CVE-2024-27956) in the WP-Automatic plugin for WordPress to create admin accounts and how you can secure your site.

AWS, Google, and Azure CLI Tools: A Leaky Secret in Your Build Logs - Vulert 17/04/2024

Unpatched CLI tools expose AWS, Google & Azure credentials in build logs. Our blog post details the LeakyCLI vulnerability & best practices to prevent leaks. Click to learn more!

AWS, Google, and Azure CLI Tools: A Leaky Secret in Your Build Logs - Vulert Explore the vulnerability known as LeakyCLI, where AWS, Google, and Azure CLI tools could expose credentials in build logs. Learn how to secure your cloud with solutions from Vulert.com.

Microsoft's April 2024 Security Update: Addressing 149 Flaws with Focus on Zero-Day Exploitations - Vulert 10/04/2024

🔥 Urgent Patch Alert!

Microsoft releases a patch, fixing 149 vulnerabilities. Two vulnerabilities are ALREADY being exploited in the wild.

https://vulert.com/blog/microsofts-april-2024-security-update/

Microsoft's April 2024 Security Update: Addressing 149 Flaws with Focus on Zero-Day Exploitations - Vulert Discover how Microsoft's April 2024 Security Update addresses a record 149 vulnerabilities, including critical zero-day exploits. Stay ahead of cyber threats with insights from Vulert.com.

Urgent Alert: Cyber Thieves Exploit Critical Magento Flaw to Hijack E-Commerce Payments - Vulert 08/04/2024

Attention all online store owners! A critical vulnerability has been discovered in Magento that could allow hackers to hijack customer payment info. It's crucial to ensure your site is updated and secure. Stay vigilant and protect your customers' data! 🔒💳 For more details, check out the full article.

Urgent Alert: Cyber Thieves Exploit Critical Magento Flaw to Hijack E-Commerce Payments - Vulert Explore the critical Magento vulnerability CVE-2024-20720 that allows hackers to hijack e-commerce payment information. Discover key defensive strategies for e-commerce platforms to safeguard against sophisticated cyber threats and ensure the security of consumer financial data in the digital market...

05/04/2024

Attention all web developers and cybersecurity enthusiasts! A new vulnerability has been identified in the HTTP/2 protocol that could put your websites at risk. Dubbed the "HTTP/2 Continuation Flood," this vulnerability exploits the protocol's continuation frames, potentially allowing attackers to overload and disrupt services. Stay informed and ensure your systems are safeguarded against this threat. Check out the full details here: https://vulert.com/blog/http-2-continuation-flood-vulnerability