The Hacker News
⭐ Official THN Telegram Channel — A trusted, widely read, independent source for breaking news and tech coverage about cybersecurity and hacking.

📨 Contact: [email protected]

🌐 Website: https://thehackernews.com

Researchers have identified a #vulnerability in Citrix Virtual Apps that allows unauthenticated RCE through improper deserialization.

Read more: https://thehackernews.com/2024/11/new-flaws-in-citrix-virtual-apps-enable.html

Patches are available, but many organizations may still be exposed if not updated.

Exploit alert: Russia-linked threat actors have actively exploited the CVE-2024-43451 #vulnerability to deploy Spark RAT, with the potential for significant damage through credential theft.

Read: https://thehackernews.com/2024/11/russian-hackers-exploit-new-ntlm-flaw.html

⚠️ Researchers have identified a high-severity #vulnerability (CVE-2024-10979) in PostgreSQL, allowing unprivileged users to alter environment variables, leading to potential code execution or information leaks.

Read: https://thehackernews.com/2024/11/high-severity-flaw-in-postgresql-allows.html

🔴 New Threat Alert: BrazenBamboo, a well-resourced group, is exploiting an UNPATCHED zero-day #vulnerability in Fortinet's FortiClient for Windows to extract VPN credentials.

Learn more: https://thehackernews.com/2024/11/warning-deepdata-malware-exploiting.html

Google's AI-driven tool OSS-Fuzz uncovered 26 flaws across various open-source repositories, including a serious flaw (CVE-2024-9143) in OpenSSL, marking a milestone in automated #vulnerability detection.

Read the full article here — https://thehackernews.com/2024/11/googles-ai-powered-oss-fuzz-tool-finds.html

False positives are a headache, but a false negative? That's where the real danger lies.

Imagine thinking you've fixed a #vulnerability, only for attackers to sneak in undetected. Aesop's Boy Who Cried Wolf is still relevant today.

A false negative could cost your company everything—from compromised credentials to ransomware. Are your defenses really working?

Find out why ASV tools are the cybersecurity game-changer you need. Read the full story here: https://thehackernews.com/2024/11/cyber-story-time-boy-who-cried-secure.html

A critical #vulnerability (CVE-2024-11680) in the ProjectSend file-sharing app is being actively exploited.

It allows attackers to execute malicious code on vulnerable servers.

Don't wait for an attack—patch now: https://thehackernews.com/2024/11/critical-flaw-in-projectsend-under.html

U.S. has unsealed charges against a Chinese hacker for exploiting a zero-day #vulnerability in 81,000 Sophos firewalls, enabling the infiltration of critical systems, the theft of sensitive data, and targeting U.S. infrastructure.

Learn more: https://thehackernews.com/2024/12/us-charges-chinese-hacker-for.html

🚨 Apple's TCC framework #vulnerability exposed!

A now-patched flaw (CVE-2024-44131) allowed unauthorized apps to access sensitive data like Health info, microphone, and #iCloud backups—without users knowing.

Learn more: https://thehackernews.com/2024/12/researchers-uncover-symlink-exploit.html

🛡️ Critical OpenWrt #vulnerability (CVE-2024-54143) discovered — With just a 12-character hash collision, attackers can replace legitimate firmware with a malicious alternative, all without authentication.

Discover the technical details: https://thehackernews.com/2024/12/critical-openwrt-vulnerability-exposes.html