Apple released critical updates for several of its products, including iOS, iPadOS, macOS, visionOS, and Safari, to fix two zero-day vulnerabilities that are being actively exploited in the wild. The flaws are listed below: CVE-2024-44309: A vulnerability in cookie handling that could allow a cross-site scripting (XSS) attack when processing harmful …
Palo Alto Networks Confirms critical RCE zero-day actively exploited
“Palo Alto Networks has observed threat activity exploiting an unauthenticated remote command execution vulnerability against a limited number of firewall management interfaces which are exposed to the Internet. We are actively investigating this activity,” reads the security bulletin by the cybersecurity provider Palo Alto Networks. On November 8, Palo Alto …
(CVE-2024-52301)
Laravel Flaw Unveils Millions of Web Applications to Attack
A significant security flaw, CVE-2024-52301, has been found in the Laravel framework, which is widely used for web applications. With a CVSS rating of 8.7, this vulnerability could allow unauthorized access, data tampering, and privilege escalation in many Laravel applications. CVE-2024-52301 pertains to inadequate input validation in Laravel’s environment configuration. …
CISA Warns of 3 Critical Vulnerabilities in Industrial Control Systems
On November 7, 2024, CISA released advisories about 3 critical security issues, vulnerabilities, and exploits related to Industrial Control Systems (ICS). ICSA-24-312-01 Beckhoff Automation TwinCAT Package Manager: CISA has identified a serious vulnerability in Beckhoff Automation’s TwinCAT Package Manager, a key software in manufacturing. The flaw, called CVE-2024-8934, relates to …
Hacker to sell Indian Govt. email credentials
An advertisement selling credentials allegedly belonging to Indian government email accounts surfaced on a dark web marketplace. A hacker on a private forum claims that purchasing access to these government email accounts can make anyone willing to pay a few thousand rupees “become” a government officer. The forum post …
Cyberattacks increase 105% in third quarter of 2024 in Bangladesh
Bangladesh faced a 105% rise in cyber incidents from the second to the third quarter of 2024, making it one of the countries with the fastest increase in cyberattacks. It ranks second after Japan (108%) and is closely followed by France (130%), underscoring significant cybersecurity challenges. The “Quarterly Threat Intelligence …
CISA alerts active exploitation of Palo Alto networks vuln
CISA has added a patched critical security flaw in Palo Alto Networks Expedition to its Known Exploited Vulnerabilities catalog due to signs of active exploitation. The vulnerability CVE-2024-5910 (CVSS score: 9.3) involves missing authentication in the Expedition migration tool, potentially allowing an admin account takeover. “Palo Alto Expedition contains a …
Gmail Scam Alert
Billions of Gmail users at risk from sophisticated new AI hack
A new sophisticated scam is targeting Gmail users, using artificial intelligence to manipulate them into giving away account access. This “super realistic AI scam call” includes fake recovery notifications, spoofed phone numbers, and convincing AI voices to trick users. The scam usually starts with an unexpected Gmail account recovery notification …
CISA WARNS
CISA Warns of F5 BIG-IP Cookie Exploitation for Network Reconnaissance
CISA has issued a warning about a vulnerability in unencrypted persistent cookies in the F5 BIG-IP Local Traffic Manager (LTM) module. This issue poses a risk for organizations using F5 BIG-IP, as it can be exploited by cybercriminals. CISA warns that cybercriminals are using unencrypted persistent cookies to discover details …
Microsoft October 2024 Patch: 5 Zero-Days, 118 flaws
In its recent Patch Tuesday release, Microsoft fixed 118 vulnerabilities, including five zero-day flaws, two of which are currently being exploited. The updates affect multiple Microsoft products, such as Windows, Office, Azure, .NET, and Visual Studio. Zero-Day Vulnerabilities: Among the five zero-day vulnerabilities patched, two were actively exploited in the …