The Hacker News
⭐ Official THN Telegram Channel: A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: [email protected]

🌐 Website: https://thehackernews.com
Download Telegram
🚨 Warning: A critical #vulnerability (CVE-2024-9680) in Firefox is being actively exploited.

Don't wait: ensure your browsers are updated now to protect against potential remote code execution.

Learn more: https://thehackernews.com/2024/10/mozilla-warns-of-active-exploitation-in.html

A critical unpatched #vulnerability (CVE-2024-9441) in the Nice Linear eMerge E3 access controller has been uncovered, carrying a CVSS score of 9.8, with proof-of-concept exploits already circulating.

Learn more: https://thehackernews.com/2024/10/experts-warn-of-critical-unpatched.html

Iranian threat actor OilRig is exploiting a Windows Kernel #vulnerability (CVE-2024-30088) to gain SYSTEM privileges, enabling backdoor deployment and data theft.

Learn how to protect your systems now: https://thehackernews.com/2024/10/oilrig-exploits-windows-kernel-flaw-in.html

🛑 Kubernetes Image Builder #vulnerability (CVE-2024-9486) has a serious root access flaw.

With a CVSS score of 9.8, this flaw lets attackers exploit default credentials to take over virtual machines using certain image builds.

Read: https://thehackernews.com/2024/10/critical-kubernetes-image-builder.html

VMware has released updates for CVE-2024-38812, a critical #vulnerability in vCenter Server.

With a CVSS score of 9.8, this heap-overflow flaw could allow remote code execution, fundamentally jeopardizing organizational security.

Read: https://thehackernews.com/2024/10/vmware-releases-vcenter-server-update.html

A new #vulnerability in Styra's Open Policy Agent (CVE-2024-8260) could expose NTLM credentials to attackers.

Attackers can exploit it to relay authentication, reinforcing the need for stringent input validation across all applications.

Read: https://thehackernews.com/2024/10/security-flaw-in-styras-opa-exposes.html

North Korea's Lazarus Group exploits a zero-day #vulnerability (CVE-2024-4947) in Google Chrome to target the #cryptocurrency sector.

The exploitation strategy involved social media manipulation and fake game promotions.

Learn more: https://thehackernews.com/2024/10/lazarus-group-exploits-google-chrome.html

Cisco has patched CVE-2024-20481, a #vulnerability affecting its ASA and Firepower devices that could lead to a denial-of-service (DoS) for Remote Access VPNs.

Learn more: https://thehackernews.com/2024/10/cisco-issues-urgent-fix-for-asa-and-ftd.html

Researchers identified a #vulnerability in AWS CDK that may lead to account takeover, with over 1% of users at risk from predictable S3 bucket names.

The solution: update your CDK version and customize bucket names.

Read: https://thehackernews.com/2024/10/aws-cloud-development-kit-vulnerability.html

Attention: CVE-2024-41992 #vulnerability in Wi-Fi Test Suite could give attackers full control over Arcadyan routers. The flaw allows for command injection, enabling full administrative access.

Find details here → https://thehackernews.com/2024/10/researchers-discover-command-injection.html