SecurityOnline

CVE-2024-43441: Authentication Bypass Vulnerability Found in Apache HugeGraph-Server

The Apache HugeGraph team has released version 1.5.0, which effectively patches this vulnerability. All users of Apache HugeGraph-Server versions 1.0 through 1.3 are strongly urged to upgrade to 1.5.0 immediately.

Trio of SQL Injection Flaws Strike Amazon Redshift Drivers: Patch Immediately

These flaws affect specific versions of the Amazon Redshift JDBC Driver, Python Connector, and ODBC Driver, highlighting a common weakness in how these tools handle metadata API calls.

Critical SQL Injection Vulnerability Found in Apache Traffic Control

This vulnerability, identified as CVE-2024-45387 and assigned a CVSS score of 9.9, could allow attackers to execute malicious SQL code, potentially compromising sensitive data and disrupting critical services.

PoC Exploit Released for Windows Elevation of Privilege Vulnerability

Security researcher Alex Birnberg with SSD Secure Disclosure published the technical details and a proof-of-concept (PoC) exploit code for CVE-2024-30085, a Windows Cloud Files Mini Filter Driver Elevation of Privilege vulnerability.

Critical Webmin Vulnerability Leaves a Million Servers Exposed to RCE

The vulnerability was discovered by Trend Micro’s Zero Day Initiative and has been addressed in Webmin version 2.111. All Webmin and Virtualmin administrators are strongly urged to update their installations immediately.

“Holy League” Hacktivist Group Emerges, Targets West

Holy League employs a blend of DDoS attacks, website defacements, and data breaches to incite fear and attract attention. Their propaganda combines dystopian visuals and religious themes.

Critical CrushFTP Flaw Exposes Users to Account Takeover

CrushFTP urges all users to update their servers to the latest versions (10.8.3 or 11.2.3) as soon as possible. In addition to patching, administrators must configure allowed email reset URL domains to further enhance security.

Command Injection Flaw Exposes Millions of Node.js Systems to Attack

Versions of ‘systeminformation’ up to and including 5.23.6 are affected by this vulnerability. The maintainers have released version 5.23.7, which addresses the issue. Users are strongly urged to update to the latest version immediately.

DigiEver DVR Vulnerability Under Attack by Hail Cock Botnet

The attack chain often begins with HTTP POST requests to download Mirai malware variants, escalating to broader network compromises. By targeting outdated firmware, the botnet gains control of devices that manufacturers no longer support.

Apache Tomcat Patches Critical RCE Vulnerability

The Apache Software Foundation recently released a critical security update to address a remote code execution (RCE) vulnerability in Apache Tomcat, identified as CVE-2024-56337.
