Latest Information Disclosure news

Hackers exploit critical D-Link DIR-859 router flaw to steal passwords

Hackers are exploiting a critical vulnerability that affects all D-Link DIR-859 WiFi routers to collect account information from the device, including passwords.
- Bill Toulas
- June 29, 2024
- 11:18 AM
- 1
Check-in terminals used by thousands of hotels leak guest info

Ariane Systems self check-in systems installed at thousands of hotels worldwide are vulnerable to a kiosk mode bypass flaw that could allow access to guests' personal information and the keys for other rooms.
- Bill Toulas
- June 05, 2024
- 04:43 PM
- 2
Check Point VPN zero-day exploited in attacks since April 30

Threat actors have been exploiting a high-severity Check Point Remote Access VPN zero-day since at least April 30, stealing Active Directory data needed to move laterally through the victims' networks in successful attacks.
- Sergiu Gatlan
- May 29, 2024
- 03:39 PM
- 0
Check Point releases emergency fix for VPN zero-day exploited in attacks

Check Point has released hotfixes for a VPN zero-day vulnerability exploited in attacks to gain remote access to firewalls and attempt to breach corporate networks.
- Bill Toulas
- May 29, 2024
- 09:31 AM
- 0
Critical Fluent Bit flaw impacts all major cloud providers

A critical Fluent Bit vulnerability that can be exploited in denial-of-service and remote code execution attacks impacts all major cloud providers and many technology giants.
- Sergiu Gatlan
- May 20, 2024
- 05:12 PM
- 0
Hackers start exploiting critical ownCloud flaw, patch now

Hackers are exploiting a critical ownCloud vulnerability tracked as CVE-2023-49103 that exposes admin passwords, mail server credentials, and license keys in containerized deployments.
- Bill Toulas
- November 28, 2023
- 11:14 AM
- 0
New Reptar CPU flaw impacts Intel desktop and server systems

Intel has fixed a high-severity CPU vulnerability in its modern desktop, server, mobile, and embedded CPUs, including the latest Alder Lake, Raptor Lake, and Sapphire Rapids microarchitectures.
- Sergiu Gatlan
- November 14, 2023
- 06:15 PM
- 1
Microsoft fixes critical Azure CLI flaw that leaked credentials in logs

Microsoft has fixed a critical security vulnerability that could let attackers steal credentials from GitHub Actions or Azure DevOps logs created using Azure CLI (short for Azure command-line interface).
- Sergiu Gatlan
- November 14, 2023
- 01:43 PM
- 0
New Microsoft Exchange zero-days allow RCE, data theft attacks

Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.
- Bill Toulas
- November 03, 2023
- 11:14 AM
- 3
Citrix Bleed exploit lets hackers hijack NetScaler accounts

A proof-of-concept (PoC) exploit is released for the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, that allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances.
- Bill Toulas
- October 25, 2023
- 11:26 AM
- 0
Recently patched Citrix NetScaler bug exploited as zero-day since August

A critical vulnerability tracked as CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been actively exploited as a zero-day since late August, security researchers announced.
- Bill Toulas
- October 18, 2023
- 07:01 AM
- 1
New critical Citrix NetScaler flaw exposes 'sensitive' data

Citrix NetScaler ADC and NetScaler Gateway are impacted by a critical severity flaw that allows the disclosure of sensitive information from vulnerable appliances.
- Bill Toulas
- October 10, 2023
- 11:53 AM
- 0
Insurer fined $3M for exposing data of 650k clients for two years

The Swedish Authority for Privacy Protection (IMY) has fined Trygg-Hansa 35 million Swedish krona ($3,000,000) for exposing the sensitive data of hundreds of thousands of customers on its online portal.
- Bill Toulas
- September 04, 2023
- 01:51 PM
- 2
Microsoft enables Windows Kernel CVE-2023-32019 fix for everyone

Microsoft has enabled a fix for a Kernel information disclosure vulnerability by default for everyone after previously disabling it out of concerns it could introduce breaking changes to Windows.
- Lawrence Abrams
- August 14, 2023
- 02:13 PM
- 3
WordPress Ninja Forms plugin flaw lets hackers steal submitted data

Popular WordPress form-building plugin Ninja Forms contains three vulnerabilities that could allow attackers to achieve privilege escalation and steal user data.
- Bill Toulas
- July 27, 2023
- 01:00 PM
- 3
VMware fixes bug exposing CF API admin credentials in audit logs

VMware has patched an information disclosure vulnerability in VMware Tanzu Application Service for VMs (TAS for VMs) and Isolation Segment caused by credentials being logged and exposed via system audit logs.
- Sergiu Gatlan
- July 25, 2023
- 11:45 AM
- 0
Microsoft: Windows Kernel CVE-2023-32019 fix is disabled by default

Microsoft has released an optional fix to address a Kernel information disclosure vulnerability affecting systems running multiple Windows versions, including the latest Windows 10, Windows Server, and Windows 11 releases.
- Sergiu Gatlan
- June 14, 2023
- 05:43 PM
- 4
WordPress Stripe payment plugin bug leaks customer order details

The WooCommerce Stripe Gateway plugin for WordPress was found to be vulnerable to a bug that allows any unauthenticated user to view order details placed through the plugin.
- Bill Toulas
- June 13, 2023
- 12:02 PM
- 0
GitLab 'strongly recommends' patching max severity flaw ASAP

GitLab has released an emergency security update, version 16.0.1, to address a maximum severity (CVSS v3.1 score: 10.0) path traversal flaw tracked as CVE-2023-2825.
- Bill Toulas
- May 24, 2023
- 03:25 PM
- 0
HP to patch critical bug in LaserJet printers within 90 days

HP announced in a security bulletin this week that it would take up to 90 days to patch a critical-severity vulnerability that impacts the firmware of certain business-grade printers.
- Bill Toulas
- April 04, 2023
- 06:46 PM
- 0