More results...
FreePBX administrators worldwide have been urged to immediately disable public internet access to their systems after a critical 0-day vulnerability was discovered in the commercial Endpoint Manager module. The Sangoma FreePBX Security Team confirmed t…
Cybersecurity researchers successfully exploited critical zero-day vulnerabilities in two discontinued network security devices during DistrictCon’s inaugural Junkyard competition in February, earning runner-up recognition for Most Innovative Exp…
The advanced persistent threat group UNC3886 has escalated its sophisticated cyber espionage campaign by exploiting multiple zero-day vulnerabilities across critical infrastructure platforms, including VMware vCenter, ESXi hypervisors, and Fortinet For…
A new class of cyberattack called RenderShock has been identified that can compromise enterprise systems without requiring any user interaction, exploiting the very productivity features designed to help workers preview and process files automatically….
A newly discovered pre-authentication denial-of-service (DoS) vulnerability in Microsoft’s Windows Deployment Services (WDS) exposes enterprise networks to instant system crashes via malicious UDP packets. Dubbed a “0-click” flaw, attackers c…
Security researchers have linked the notorious RedGolf hacking group to a wave of exploits targeting Fortinet firewall zero-days and the deployment of custom cyber attack tools. The exposure of a misconfigured server tied to the KeyPlug malware—a hallm…
Hackers exploit Zero-Days because these vulnerabilities are unknown to software developers, making them valuable for launching attacks before developing patches. Zero-day exploits provide an opportunity to:- Cybersecurity researchers at Securelist recently discovered a malicious operation dubbed “Triangulation,” in which threat actors exploit the 0-click iMessage attack using four zero-days to hack iPhones. Zero-days discovered Here […]
The post Operation Triangulation: 0-click Attack Chained With 4 Zero-Days to Hack iPhones appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
A new vulnerability has been discovered in Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. Apache OfBiz is used as a part of the software supply chain in Atlassian’s JIRA, which is predominantly used in several organizations. This vulnerability was a bypass to a previously discovered vulnerability, CVE-2023-49070. Since the root issue of CVE-2023-49070 […]
The post Critical Apache OfBiz Zero-Day Let Attackers Bypass Authentication appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
The Chinese cyberespionage gang, identified as UNC3886, has been spotted employing a VMware ESXi zero-day vulnerability to get escalated privileges on guest virtual machines. UNC3886 has been using malicious vSphere Installation Bundles (VIBs), typical…