Oracle has released its Critical Patch Update (CPU) for April 2024, addressing 372 vulnerabilities across multiple products. The Critical Patch Update provides fixes for security flaws in widely-used Oracle products including Database Server, Fusion Middleware, Enterprise Manager, E-Business Suite, Supply …
A severe vulnerability has been discovered in the PuTTY client and related components, allowing attackers to fully recover NIST P-521 private keys. The PuTTY client generates heavily biased ECDSA nonces when using the NIST P-521 elliptic curve, causing the vulnerability …
The automotive industry is experiencing a surge in BEC and VEC attacks, a type of email scam designed to trick employees into transferring money or revealing sensitive information. A recent incident where a fraudster stole $37 million from Toyota Boshoku …
Ukrainian hackers have successfully infiltrated and disabled a vast network of industrial sensors and monitoring infrastructure in Russia, leading to a significant shutdown of sewage systems, among other utilities. The group, known as BlackJack, executed the attack on the 9th of April, …
Node.js project disclosed a high-severity vulnerability affecting multiple active release lines of its software on Windows platforms. This flaw, identified as CVE-2024-27980, allows attackers to execute arbitrary commands on affected systems, posing a serious risk to applications and services built …
A sophisticated malvertising campaign is targeting system administrators across North America. The attackers are using fake ads for popular system utilities to distribute a dangerous strain of malware known as Nitrogen. Step 1: Luring Victims with Malicious Ads The campaign exploits the trust users place in search engine advertisements. By displaying sponsored search results for …
Hospitals across the nation are on high alert as sophisticated cybercriminals use advanced social engineering tactics to target IT help desks. The Health Sector Cybersecurity Coordination Center (HC3) has issued a Sector Alert detailing the latest threat to the healthcare industry. The HC3’s …
Apache released updates to address several vulnerabilities impacting the Apache HTTP server that let attackers launch HTTP/2 DoS attacks and insert malicious headers. Server operations are being adversely affected by these vulnerabilities, which are proving to be a serious danger. A …
Over a million WordPress websites have been at risk due to a critical SQL Injection vulnerability discovered in the popular LayerSlider plugin. The flaw, CVE-2024-2879, could allow unauthenticated attackers to extract sensitive data, including password hashes, from websites’ databases. CVE-2024-2879: A Critical …
The critical vulnerabilities in JumpServer’s Ansible that allowed attackers to execute arbitrary remote code have been patched. With a CVSS base score of 10, the critical vulnerabilities identified as CVE-2024-29201 and CVE-2024-29202 impact versions v3.0.0-v3.10.6. A jump server is an intermediary device that …