Penetration Testing

Cybersecurity News Information Security

  • CVE-2024-6376 (CVSS 9.8) in MongoDB Compass Exposes Systems to Code Injection Risks
    by do son on July 6, 2024 at 1:50 am

    A recent discovery has unveiled a critical security vulnerability in MongoDB Compass, a widely-used graphical user interface (GUI) for querying, aggregating, and analyzing MongoDB data. This tool, known for its robust capabilities and cross-platform… The post CVE-2024-6376 (CVSS 9.8) in MongoDB Compass Exposes Systems to Code Injection Risks appeared first on Cybersecurity News.

  • Cloudflare’s 1.1.1.1 DNS Service Disrupted by BGP Hijacking and Route Leak
    by do son on July 6, 2024 at 1:46 am

    On June 27, 2024, Cloudflare’s popular 1.1.1.1 public DNS resolver service experienced disruptions, leaving a small percentage of users worldwide unable to access the service or facing significant latency issues. The culprit behind this…

  • CVE-2024-39943 (CVSS 9.9): Critical Vulnerability in HTTP File Server Exposes Systems to RCE
    by do son on July 6, 2024 at 1:33 am

    A critical vulnerability has been identified in HFS (HTTP File Server), a popular file-sharing software used to send and receive files over HTTP. The vulnerability, tracked as CVE-2024-39943, poses a significant threat to systems…

  • Apache HTTP Server Update Patches Critical Source Code Disclosure Flaw (CVE-2024-39884)
    by do son on July 5, 2024 at 2:10 am

    Recently, the Apache Software Foundation has rushed to release Apache HTTP Server version 2.4.61, a crucial update that addresses a severe source code disclosure vulnerability (CVE-2024-39884). This flaw, rated as “Important” by the Apache…

  • Widespread Supply Chain Attack on NPM: Trojanized jQuery Discovered
    by do son on July 5, 2024 at 2:02 am

    A sophisticated and persistent supply chain attack targeting the popular JavaScript library jQuery has been uncovered by cybersecurity researchers at Phylum. The attack, which has been active since late May, involves the distribution of…

  • CVE-2024-38513 (CVSS 9.8): Critical Security Flaw in Popular Go Web Framework, Fiber
    by do son on July 5, 2024 at 1:53 am

    A high-severity vulnerability (CVE-2024-38513) has been discovered in Fiber, a widely-used web framework for the Go programming language. This flaw allows attackers to hijack user sessions, potentially leading to unauthorized access and data breaches…

  • Unit 42 Research Exposes GootLoader’s Sophisticated Sandbox Evasion Tactics
    by do son on July 5, 2024 at 1:48 am

    Palo Alto Networks’ Unit 42 threat intelligence team has published a comprehensive analysis detailing the advanced evasion techniques employed by GootLoader, a pervasive malware known for its role in delivering ransomware and other malicious…

  • Logsign Unified SecOps Platform Urgent Update Addresses Critical RCE Vulnerabilities
    by do son on July 5, 2024 at 1:43 am

    Two critical vulnerabilities have been identified in the Logsign Unified SecOps Platform, a comprehensive software solution for security operations. These vulnerabilities, CVE-2024-5716 and CVE-2024-5717, when combined, can enable remote, unauthenticated code execution on the…

  • Mekotio Banking Trojan Resurges, Targeting Latin American Financial Systems
    by do son on July 5, 2024 at 1:39 am

    A new wave of cyberattacks utilizing the sophisticated Mekotio banking trojan is raising alarms across Latin America, according to a recent report by Trend Micro Research. The malware, active since 2015 and primarily targeting…

  • CVE-2024-32498: Critical OpenStack Flaw Exposes Cloud Data to Attackers
    by do son on July 4, 2024 at 2:37 am

    The OpenStack Foundation has issued an urgent security advisory, disclosing a critical vulnerability (CVE-2024-32498, CVSS 8.8) affecting multiple core components of its cloud infrastructure platform. This flaw could allow malicious actors to gain unauthorized…
