Friday , July 3 2026
woodcutter

TENABLE REPORT
Critical bug “Fluent Bit” impact all major cloud platforms

Fluent Bit, a widely used logging utility, has a critical vulnerability. This vulnerability can lead to denial-of-service attacks, information disclosure, and potentially remote code execution (RCE). Tenable, a cybersecurity firm, discovered this vulnerability.

Fluent Bit is an open source tool that collects and processes large amounts of log data from various sources. It has billions of downloads and is being deployed over 10 million times daily.

Nepal Unveils First “Hall of Fame” for Ethical Hackers

Nepal has started a 'Hall of Fame' program to honor cybersecurity researchers who safely report security flaws in government digital...
Read More
Nepal Unveils First “Hall of Fame” for Ethical Hackers

900+ Oracle E-Business instances Exposed Online

The Shadowserver Foundation found about 950 Oracle E-Business Suite (EBS) systems on the internet around the world. This discovery came...
Read More
900+ Oracle E-Business instances Exposed Online

India asks WhatsApp not to roll out ‘username’ feature over fraud concerns

The Indian government issued a notice WhatsApp planned to roll out its new 'username' feature. They are worried about fake...
Read More
India asks WhatsApp not to roll out ‘username’ feature over fraud concerns

Azure CLI Password Spray Impacts 78 Microsoft Accounts in 81M+ Attempts

Cybersecurity researchers have warned of a "massive, ongoing, automated password spray attack" aimed at Microsoft's Azure command-line interface (CLI), compromising...
Read More
Azure CLI Password Spray Impacts 78 Microsoft Accounts in 81M+ Attempts

Chrome Update Patches 382 Vulnerabilities, Including 15 Critical

Chrome 151 has a new update that fixes 382 security problems. This includes 15 critical issues that could allow attackers...
Read More
Chrome Update Patches 382 Vulnerabilities, Including 15 Critical

Apple fixes more than 30 iOS, macOS, and Safari flaws

Apple released security updates on Monday for iOS, macOS, and Safari. These updates fix more than thirty issues, including four...
Read More
Apple fixes more than 30 iOS, macOS, and Safari flaws

Attackers exploit critical flaw in Oracle E-Business

Attackers are now using a flaw (called CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial app, according to the security...
Read More
Attackers exploit critical flaw in Oracle E-Business

WhatsApp to allow usernames instead of phone numbers

WhatsApp is about to release a big update that may change how people communicate on the app. Soon, users can...
Read More
WhatsApp to allow usernames instead of phone numbers

Linux Unveils New Open Source Security Project “Akrites” For (OSS) Ecosystem

The Linux Foundation said on Thursday that they are starting a new project to fix flaws in open source software...
Read More
Linux Unveils New Open Source Security Project “Akrites” For (OSS) Ecosystem

Data breach affects 14.2 million email logins across six ISPs

KDDI Corporation, a Japanese telecom company, revealed a data breach. Hackers got into one of its email systems that five...
Read More
Data breach affects 14.2 million email logins across six ISPs

Developers claim it’s used by big cloud companies like Microsoft, Google Cloud, and AWS, as well as tech giants like Cisco, LinkedIn, VMware, Splunk, Intel, Arm, and Adobe.

Tenable researchers discovered a critical memory corruption vulnerability in Fluent Bit’s built-in HTTP server. The vulnerability is named Linguistic Lumberjack and has been assigned the official identifier CVE-2024-4323.

The cybersecurity firm confirmed that if someone has access to the Fluent Bit monitoring API, they can launch a DoS attack or obtain sensitive information.

Exploiting CVE-2024-4323 for RCE may be possible, but it depends on factors like the operating system and host architecture.

“While heap buffer overflows such as this are known to be exploitable, creating a reliable exploit is not only difficult, but incredibly time intensive,” Tenable explained.

On Monday, the company released technical information and a proof-of-concept (PoC) exploit for DoS attacks.

Tenable shared its findings with Fluent Bit developers in April, but the patch has not been officially released yet. The security firm also informed Microsoft, AWS, and Google Cloud about the findings on May 15th.

Users can implement mitigations for Fluent Bit by restricting access to the tool’s API and disabling any unused endpoints.

Check Also

AI chip

OpenAI unveils its first custom chip, Named Jalapeño

On Wednesday, OpenAI introduced its first special AI chip. This is aimed at growing from …