The flaw, CVE-2024-41721, in bhyve's USB emulation functionality could lead to malicious code execution, posing a serious threat to systems running vulnerable versions of FreeBSD.

The flaw, tracked as CVE-2023-27584, stems from a hard-coded cryptographic key used in the authentication process, posing a serious risk of unauthorized access, including admin-level privileges.

This flaw, tracked as CVE-2024-8986 with a CVSS score of 9.1, could lead to the unintentional exposure of sensitive information, such as repository credentials, due to the build metadata being included in compiled binaries.

The vulnerability lies in Keycloak's XMLSignatureUtil class, which incorrectly verifies SAML signatures, disregarding the vital "Reference" element that specifies the signed portion of the document.

The Lumma Stealer malware is being distributed through deceptive human verification pages that trick Windows users into running malicious PowerShell commands, leading to sensitive information theft.

This unique malware campaign stood out for its precise targeting of Italian victims, with checks implemented to ensure the system language was set to Italian before infecting the device.

Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged Passwords (SPP), which could allow attackers to gain full administrative access.

These vulnerabilities can lead to remote code execution and privilege escalation, posing a significant risk to affected systems. For example, the Oracle JDeveloper vulnerability can allow attackers to compromise the software and take over the system.

A sophisticated campaign is using GitHub repositories to spread the Lumma Stealer malware, targeting users interested in open-source projects or receiving email notifications from them.

Datadog Security Labs recently revealed a security risk within Microsoft Entra ID, showing how its administrative units (AUs) can be weaponized by attackers to create persistent backdoor access.