Penetration Testing

APRIL 28, 2024

Cybersecurity researcher Gabe Kirkpatrick shared technical details and proof-of-concept (PoC) exploit code for a high-severity elevation of privilege vulnerability (CVE-2024-26218) bug affecting the Windows Kernel.

Penetration Testing 145

Penetration Testing Cybersecurity 145

Penetration Testing

APRIL 1, 2024

JumpServer, a popular open-source bastion host system, has recently been found to contain two critical vulnerabilities (CVE-2024-29201 and CVE-2024-29202) that could allow attackers to execute arbitrary code remotely.

Penetration Testing 133

Penetration Testing Risk 133

Penetration Testing

MAY 2, 2024

Microsoft’s Senior Security Researcher Vladimir Tokarev will detail a series of critical zero-day vulnerabilities in OpenVPN, the world’s leading VPN solution, used by millions of endpoints globally at the upcoming Black Hat USA 2024... The post Microsoft Researcher to Unveil 4 OpenVPN Zero-Day Vulnerabilities at Black Hat USA (..)

Penetration Testing 141

Penetration Testing VPN 141

Penetration Testing

APRIL 22, 2024

Security researcher Naor Hodorov has made public a proof-of-concept (PoC) exploit for a severe vulnerability (CVE-2024-21111) in Oracle VirtualBox. and allows attackers with basic access to a... The post Oracle VirtualBox Elevation of Privilege Vulnerability (CVE-2024-21111): PoC Published appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing 145

Penetration Testing

APRIL 3, 2024

Google has revealed in their April 2024 Pixel Update Bulletin that several serious security flaws could be putting your Pixel device at risk.

Penetration Testing 135

Penetration Testing Risk 135

Penetration Testing

FEBRUARY 28, 2024

Two critical vulnerabilities (CVE-2024-25065, CVE-2024-23946) have been discovered that put a wide range of businesses at risk. Decoding the Vulnerabilities... The post CVE-2024-25065 & CVE-2024-23946: Critical Vulnerabilities Exposed in Apache OFBiz appeared first on Penetration Testing.

Penetration Testing 138

Penetration Testing Risk 138

Penetration Testing

APRIL 29, 2024

Researchers from HiddenLayer have discovered a significant vulnerability in the R programming language, tracked as CVE-2024-27322, that exposes users to arbitrary code execution through deserialized data.

Penetration Testing 130

Penetration Testing Risk 130

Penetration Testing

APRIL 22, 2024

This zero-day flaw, identified as CVE-2024-4040 with a CVSS score of 7.7, poses a severe risk to organizations... The post CVE-2024-4040: CrushFTP Users Targeted in Zero-Day Attack Campaign appeared first on Penetration Testing.

Penetration Testing 137

Penetration Testing Software Risk 137

Penetration Testing

APRIL 28, 2024

These flaws, if exploited,... The post CVE-2024-32766 (CVSS 10) – QNAP Vulnerability: Hackers Can Hijack Your NAS appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing Manufacturing Software 145

Penetration Testing

MAY 9, 2024

However, recent discoveries... The post CVE-2024-34350 & CVE-2024-34351: Two Vulnerabilities Patched in Popular Next.js Framework appeared first on Penetration Testing.

Penetration Testing 77

Penetration Testing 77

Penetration Testing

MAY 6, 2024

Their... The post Major VPN Flaw Exposed: “TunnelVision” (CVE-2024-3661) Threatens Security on Public Networks appeared first on Penetration Testing.

VPN 129

VPN Penetration Testing 129

Penetration Testing

MAY 6, 2024

The issue tracked... The post CVE-2024-34456: Trend Micro Patches Code Injection Vulnerability in Antivirus One appeared first on Penetration Testing.

Antivirus 122

Antivirus Penetration Testing Software Cybersecurity 122

Penetration Testing

MAY 10, 2024

Technical details have emerged about a significant security vulnerability, CVE-2024-21115, which has been discovered in Oracle VM VirtualBox, a widely used product under Oracle Virtualization.

Penetration Testing 89

Penetration Testing 89

Penetration Testing

APRIL 30, 2024

The vulnerability, tracked as CVE-2024-27790, has been... The post CVE-2024-27790: FileMaker Server Vulnerability Patched, Data Access Risk Addressed appeared first on Penetration Testing.

Penetration Testing 119

Penetration Testing Risk Software 119

Penetration Testing

APRIL 19, 2024

A recently discovered flaw in the GNU C Library’s (glibc) iconv function (CVE-2024-2961) carries severe implications for web applications built on PHP.

Penetration Testing 145

Penetration Testing 145

Penetration Testing

APRIL 21, 2024

This flaw, designated CVE-2024-29291, affects versions 8.* of... The post Laravel Framework Hit by Data Exposure Vulnerability (CVE-2024-29291) – Database Credentials at Risk appeared first on Penetration Testing. through 11.*

Penetration Testing 142

Penetration Testing Risk Data breaches 142

Penetration Testing

APRIL 18, 2024

The patches address a high-severity vulnerability, designated CVE-2024-20380 (CVSS 7.5), that could allow unauthenticated, remote attackers to crash ClamAV... The post ClamAV Issues Urgent Patch for High-Risk DoS Vulnerability CVE-2024-20380 appeared first on Penetration Testing.

Penetration Testing 137

Penetration Testing Risk Antivirus Software 137

Penetration Testing

MAY 7, 2024

This flaw (CVE-2024-29212) opens a door... The post CVE-2024-29212: Veeam RCE Vulnerability Exposes Data Protection Services to Risk appeared first on Penetration Testing.

Penetration Testing 98

Penetration Testing Risk Backups 98

Penetration Testing

APRIL 29, 2024

This vulnerability, designated CVE-2024-32656, stems from a misconfiguration that... The post Ant Media Server Flaw Grants Local Users Root Access (CVE-2024-32656) appeared first on Penetration Testing.

Media 115

Media Penetration Testing 115

Penetration Testing

JANUARY 29, 2024

Discovered through Google’s OSS-Fuzz service, three security vulnerabilities have been identified in its systems, two of which... The post CVE-2024-22860 & CVE-2024-22862: Critical FFmpeg Remote Code Execution Flaws appeared first on Penetration Testing.

Penetration Testing 142

Penetration Testing 142

Penetration Testing

MAY 7, 2024

Attackers are weaponizing two critical vulnerabilities, CVE-2023-46805 (authentication bypass) and CVE-2024-21887... The post Mirai Botnet Exploits Ivanti Vulnerabilities (CVE-2023-46805 & CVE-2024-21887) appeared first on Penetration Testing.

Penetration Testing 95

Penetration Testing Authentication Malware 95

Penetration Testing

APRIL 5, 2024

This vulnerability, designated CVE-2024-3116, allows attackers to execute malicious code on servers... The post CVE-2024-3116: Critical pgAdmin Vulnerability Exposes Databases to Remote Attacks appeared first on Penetration Testing.

Penetration Testing 139

Penetration Testing 139

Penetration Testing

APRIL 21, 2024

Citrix has released an urgent security advisory regarding a vulnerability (CVE-2024-3902) discovered in its uberAgent software. High), could allow attackers to escalate their privileges within... The post Citrix uberAgent Update for Privilege Escalation Vulnerability (CVE-2024-3902) appeared first on Penetration Testing.

Penetration Testing 116

Penetration Testing Software 116

Penetration Testing

MARCH 22, 2024

These flaws were skillfully exploited during the recent Pwn2Own Vancouver 2024 hacking contest. Zero-Day Dangers Zero-day vulnerabilities... The post Firefox Patches Critical Zero-Day Vulnerabilities Exposed in Pwn2Own 2024 appeared first on Penetration Testing.

Penetration Testing 139

Penetration Testing Hacking 139

Penetration Testing

APRIL 25, 2024

A significant vulnerability has been exposed in the widely-used Skylab IGX IIoT Gateway (CVE-2024-4163), allowing attackers to escalate their privileges and potentially take complete control of the affected devices.

Penetration Testing 116

Penetration Testing 116

Penetration Testing

MARCH 17, 2024

These vulnerabilities, labeled CVE-2024-28353 and CVE-2024-28354, leave these routers alarmingly exposed to potential remote... The post CVE-2024-28353 & 28354: TRENDnet Router Takeover Flaws Exposed, No Patch Available appeared first on Penetration Testing.

Penetration Testing 143

Penetration Testing 143

Penetration Testing

MARCH 31, 2024

The technical details and proof-of-concept (PoC) exploit code has been released for a significant vulnerability, designated CVE-2024-0582 (CVSS 7.8) could allow attackers with local... The post CVE-2024-0582: Serious Linux Kernel Bug Opens Door to System Takeovers, PoC Published appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing 145

Penetration Testing

APRIL 30, 2024

Identified as CVE-2024-2912, this vulnerability lies in the way the software handles data, potentially... The post CVE-2024-2912: Critical ‘BentoML’ Flaw Opens AI Systems to Remote Takeover appeared first on Penetration Testing.

Penetration Testing 108

Penetration Testing Software 108

Penetration Testing

APRIL 4, 2024

A vulnerability (CVE-2024-31498) with a CVSS score of 7.7 was discovered, allowing attackers to exploit elevated privileges on... The post YubiKey Manager Flaw (CVE-2024-31498): Patch Now To Prevent Admin Privilege Escalation on Windows appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing Software 145

Penetration Testing

FEBRUARY 26, 2024

Two security vulnerabilities (CVE-2024-24401 and CVE-2024-24402) have been identified in Nagios XI, a widely used enterprise-grade monitoring tool. Nagios XI... The post CVE-2024-24401 & 24402: Nagios XI Security Flaws Found! PoC Published appeared first on Penetration Testing. What is Nagios XI?

Penetration Testing 144

Penetration Testing Software Risk 144

Hack the Box

JANUARY 23, 2024

Our 2024 guide on web application penetration testing is perfect for beginners. Learn to identify vulnerabilities, exploit weaknesses, and report findings ethically.

Penetration Testing 52

Penetration Testing 52

Penetration Testing

FEBRUARY 11, 2024

This vulnerability, designated CVE-2024-0985 (CVSS 8.0), could allow attackers to execute malicious code with... The post CVE-2024-0985: PostgreSQL’s Critical Security Flaw Exposed appeared first on Penetration Testing.

Penetration Testing 144

Penetration Testing System Administration Software 144

Penetration Testing

MARCH 10, 2024

The vulnerability, designated as CVE-2024-22252, could potentially allow attackers to... The post Thousands of VMware ESXi Instances Exposed to Critical CVE-2024-22252 Vulnerability appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing 145

Penetration Testing

MARCH 1, 2024

This flaw, tracked as CVE-2024-0692, could allow unauthenticated attackers to take complete control of... The post CVE-2024-0692: SolarWinds Security Event Manager Unauthenticated RCE Flaw appeared first on Penetration Testing.

Penetration Testing 141

Penetration Testing 141

Penetration Testing

MARCH 13, 2024

Recently, researchers at the Zero Day Initiative (ZDI) have dissected a complex DarkGate malware campaign targeting users through a zero-day flaw in Microsoft Windows SmartScreen (CVE-2024-21412).

Penetration Testing 139

Penetration Testing Malware 139

Penetration Testing

APRIL 5, 2024

Dell has released a critical security patch addressing a severe vulnerability (CVE-2024-0172) in the BIOS software used on a wide range of its PowerEdge Server and Precision Rack systems.

Penetration Testing 140

Penetration Testing Software 140

Penetration Testing

FEBRUARY 5, 2024

Google, a titan in the digital realm, has once again demonstrated its commitment to user security with the release of its February 2024 security updates for Android. This latest security bulletin brings to the... The post CVE-2024-0031: Critical Android Remote Code Execution Vulnerability appeared first on Penetration Testing.

Penetration Testing 145

Penetration Testing 145