GitLab warns zero-click vulnerability could lead to account takeovers
GitLab has warned about a critical vulnerability that allows an attacker to change passwords without user interaction.
Read moreExploits and vulnerabilities
Joomla! vulnerability is being actively exploited
A vulnerability in the popular Joomla! CMS has been added to CISA’s known exploited vulnerabilities catalog.
Read moreAct now! Ivanti vulnerabilities are being actively exploited
Several international security agencies are echoing a warning by Ivanti about actively exploited vulnerabilities in its VPN solution.
Read moreInfo-stealers can steal cookies for permanent access to your Google account
Several info-stealers have incorporated an exploit that allows them to gain permanent access to your Google account
Read morePatch now! First patch Tuesday of 2024 is here
Microsoft’s patch Tuesday roundup looks like a relatively quiet one. Unless your organization uses FBX files.
Read moreHow AI hallucinations are making bug hunting harder
People using LLMs for bug bounty hunts are wasting developers’ time argues the lead developer of cURL. And he’s probably right.
Read moreExplained: SMTP smuggling
Researchers have found flaws in the way SMTP servers handle messages, allowing them to send spoofed emails to and from targets.
Read moreRecently-patched Apache Struts vulnerability used in worldwide attacks
A recently patched Apache Struts 2 vulnerability has been spotted in worldwide exploitation attempts. Users and admins should update ASAP.
Read more