The WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site’s database. […]
Category Added in a WPeMatico Campaign
New Reptar CPU flaw impacts Intel desktop and server systems
Intel has fixed a high-severity CPU vulnerability in its modern desktop, server, mobile, and embedded CPUs, including the latest Alder Lake, Raptor Lake, and Sapphire Rapids microarchitectures. […]
VMWare discloses critical VCD Appliance auth bypass with no patch
VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments. […]
New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs
A new software-based fault injection attack, CacheWarp, can let threat actors hack into AMD SEV-protected virtual machines by targeting memory writes to escalate privileges and gain remote code execution. […]
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed
The Lockbit ransomware attacks use publicly available exploits for the Citrix Bleed vulnerability (CVE-2023-4966) to breach the systems of large organizations, steal data, and encrypt files. […]
Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws
Today is Microsoft’s November 2023 Patch Tuesday, which includes security updates for a total of 58 flaws and five zero-day vulnerabilities. […]
Microsoft fixes critical Azure CLI flaw that leaked credentials in logs
Microsoft has fixed a critical security vulnerability that could let attackers steal credentials from GitHub Actions or Azure DevOps logs created using Azure CLI (short for Azure command-line interface). […]
Windows 11 KB5032190 update enables Moment 4 features for everyone
Microsoft has released the KB5032190 cumulative update to fix security vulnerabilities in Windows 11. This is the first Patch Tuesday update with access to Windows 11 Moment 4 features, provided you turn on the “Get latest updates” toggle. […]
Meet the Unique New “Hacking” Group: AlphaLock
A Russian hacking group known as AlphaLock is launching a “pentest” marketplace and training platform to empower a new generation of threat actors. Learn more from Flare about the new hacking group. […]
Ethereum feature abused to steal $60 million from 99K victims
Malicious actors have been abusing Ethereum’s ‘Create2’ function to bypass wallet security alerts and poison cryptocurrency addresses, which led to stealing $60,000,000 worth of cryptocurrency from 99,000 people in six months. […]
