The latest Apache OFBiz update patches CVE-2024-45195, a bypass of a recently disclosed remote code execution bug exploited in attacks.
The post Apache Makes Another Attempt at Patching Exploited RCE in OFBiz appeared first on SecurityWeek.
DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign
Two DrayTek vulnerabilities added by CISA to its KEV catalog have been exploited by multiple threat groups to steal data from organizations worldwide.
The post DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign appeared first on SecurityWeek.
Android’s September 2024 Update Patches Exploited Vulnerability
Google has released Android security updates to patch an exploited local privilege escalation vulnerability.
The post Android’s September 2024 Update Patches Exploited Vulnerability appeared first on SecurityWeek.
WPS Office Zero-Day Exploited by South Korea-Linked Cyberspies
A WPS Office zero-day vulnerability tracked as CVE-2024-7262 was exploited by South Korean hacker group APT-C-60.
The post WPS Office Zero-Day Exploited by South Korea-Linked Cyberspies appeared first on SecurityWeek.
Second Apache OFBiz Vulnerability Exploited in Attacks
CISA is warning organizations that a second Apache OFBiz flaw is being exploited in the wild shortly after the release of PoC exploits.
The post Second Apache OFBiz Vulnerability Exploited in Attacks appeared first on SecurityWeek.
Google Warns of Exploited Chrome Vulnerability
Google flags another high-severity vulnerability patched with the latest Chrome 128 release as exploited in the wild.
The post Google Warns of Exploited Chrome Vulnerability appeared first on SecurityWeek.
SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw
SolarWinds has issued a Web Help Desk hotfix to remove hardcoded credentials from last week’s hotfix for a critical-severity vulnerability.
The post SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw appeared first on SecurityWeek.
CISA Warns of Exploited Vulnerabilities Impacting Dahua Products
CISA warns that attackers are exploiting two critical-severity authentication bypass vulnerabilities impacting multiple Dahua products.
The post CISA Warns of Exploited Vulnerabilities Impacting Dahua Products appeared first on SecurityWeek.
Google Patches Sixth Exploited Chrome Zero-Day of 2024
Chrome 128 was released in the stable channel with patches for 38 vulnerabilities, including a V8 JavaScript engine flaw exploited in the wild.
The post Google Patches Sixth Exploited Chrome Zero-Day of 2024 appeared first on SecurityWeek.
Warnings Issued Over Cisco Device Hacking, Unpatched Vulnerabilities
CISA is warning organizations about abuse of Cisco Smart Install feature, as Cisco is notifying customers about critical phone vulnerabilities it’s not patching.
The post Warnings Issued Over Cisco Device Hacking, Unpatched Vulnerabilities appeared first on SecurityWeek.