Open Source Alerts

Centreon Hit by Critical SQL Injection Flaws

Both vulnerabilities carry a CVSS score of 9.1, indicating their severity and potential impact. CVE-2024-55573 exploits a flaw in the form used to create virtual metrics, while CVE-2024-53923 targets the media upload functionality in Centreon Web.

Apple Fixes This Year’s First Actively Exploited Zero-Day Vulnerability

The zero-day fixed today is tracked as CVE-2025-24085 [iOS/iPadOS, macOS, tvOS, watchOS, visionOS] and is a privilege escalation security flaw in Apple's Core Media framework.

Critical Linux Kernel SMB Server Bugs Uncovered, PoC Published

With proof-of-concept exploits available, attackers could quickly weaponize these flaws for advanced persistent threats (APTs), ransomware operations, or espionage campaigns.

New Cookie Sandwich Technique Allows Stealing of HttpOnly Cookies

The attack leverages differences in how web servers, frameworks, and browsers handle cookies based on legacy standards such as RFC2109, in contrast to the modern RFC6265 standard.

Update: SimpleHelp RMM Vulnerabilities Exploited in Latest Cyberattack Campaign

The campaign, first observed on January 22, 2025, involves threat actors leveraging recently disclosed vulnerabilities in SimpleHelp to compromise devices running the software.

GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs

Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user's Git credentials.

Critical Vulnerability Discovered in One Identity Manager

Organizations relying on One Identity Manager must act swiftly to patch their systems and prevent potential breaches that could compromise their valuable data and operations.

AMD Processor Vulnerability Inadvertently Leaked Early

AMD is aware of a newly reported processor vulnerability. Execution of the attack requires both local administrator-level access to the system, and the development and execution of malicious microcode.

Mitel OpenScape Users Urged to Update Now

Mitel has released fixes for both vulnerabilities and strongly recommends that customers update their OpenScape 4000 and OpenScape 4000 Manager systems to the latest versions as soon as possible.

Hackers Use XWorm RAT to Exploit Script Kiddies, Pwning 18,000 Devices

This campaign resulted in compromising over 18,459 devices globally. The stolen data included sensitive information like browser credentials, Discord tokens, Telegram data, and system information from the compromised devices.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags