bug

  1. Man

    A bug in CLFS turns ordinary Windows users into administrators

    Kernel protection turned out to be powerless against the new PoC exploit. A critical vulnerability in the Common Log File System (CLFS) driver has been discovered in the Windows 11 operating system, which allows local users to escalate their privileges. CLFS is responsible for efficiently...
  2. Father

    New Windows bug - a treat for QakBot: Microsoft fights botnet

    The corporation destroyed another way to infect systems. Microsoft has fixed a zero-day vulnerability that was actively used to spread the QakBot botnet on Windows systems. The heap-based buffer overflow vulnerability CVE-2024-30051 (CVSS score 3.1: 7.8) affects the Desktop Window Manager...
  3. Father

    The Fortinet bug has become the main tool of a new hacking campaign

    The negligence of administrators leads to theft of corporate data. Forescout has discovered a new campaign that exploits a vulnerability in Fortinet FortiClient EMS devices to spread malware. The SQL injection vulnerability CVE-2023-48788 (CVSS score: 9.8) allows an unauthorized attacker to...
  4. Father

    CVE-2024-1086: Bug exposes popular Linux distributions

    If you didn't update your Linux – you lost your computer. Security researcher Notselwyn discovered a new vulnerability in Linux that allows you to get root rights. The bug affects versions of the Linux kernel from 5.14 to 6.6.14. Vulnerability CVE-2024-1086 (CVSS score: 7.8) affects many...
  5. Teacher

    From Ubuntu to Debian: Many Linux distributions are at risk due to a long-standing bug

    The WallEscape vulnerability went unnoticed for 11 years. Did hackers manage to use it? A serious vulnerability has been discovered in the Linux operating system that allows unprivileged attackers to steal passwords or change the victim's clipboard. The problem concerns the wall command in the...
  6. Teacher

    Hunt for a million: MaxPatrol SIEM and MaxPatrol VM released on bug bounty

    Positive Technologies launches another program to search for vulnerabilities in its products. Another program to search for vulnerabilities in Positive Technologies products was launched on the Standoff 365 Bug Bounty platform. Researchers can receive up to 1 million rubles for detected...
  7. Teacher

    Mining, encryption, remote access: a bug in TeamCity has become fatal for dozens of organizations

    CVE-2024-27198 opened a compromise portal for hackers. When will the administrators close it? Attackers continue to actively exploit vulnerabilities in the JetBrains TeamCity software, deploying ransomware, cryptocurrency miners, Cobalt Strike beacons, and Spark RAT remote access Trojans. The...
  8. Teacher

    8800 servers – one bug: any non-updated ScreenConnect system can be hacked remotely

    ConnectWise asks customers to take action before it's too late. ConnectWise is asking its customers to update their ScreenConnect servers urgently. The reason was a critical vulnerability that allows bypassing authentication and executing arbitrary code remotely. Attackers can use this flaw to...
  9. Brother

    A bug in common Web3 smart contracts led to an increase in Bug Bounty payments

    What are the consequences of a vulnerability if information about it is carefully hidden? The company Thirdweb, specializing in the development of smart contracts, discovered a vulnerability affecting many smart contracts in the Web3 ecosystem. The problem was identified in the popular open...
  10. Lord777

    Old bug – new risks: after publishing an exploit for a defect in CrushFTP, 10,000 servers are at risk

    The August patch was not the most reliable measure. A dangerous bug has been discovered in the popular secure file sharing software CrushFTP, which gives attackers the opportunity to gain full control over the vulnerable server. In fact, Converge experts discovered the vulnerability...
  11. Carding 4 Carders

    Through Protection: new VMware bug renders updates useless

    The VMware vulnerability puts your data at risk even after updates. VMware, which specializes in virtualization services, warned its customers about the existence of a PoC exploit for a recently patched vulnerability in the Aria Operations for Logs product. The authentication bypass...
  12. Carding 4 Carders

    Critical bug in the Linux subsystem: attackers can remotely control your server

    A logical error was detected in NVMe-oF / TCP, which gives full access to the system. A vulnerability identified as CVE-2023-5178 has been identified in the Linux subsystem known as nvmet-tcp (NVMe-oF/TCP), which is designed to access NVMe drives over a network using the TCP protocol. The...