Latest Exploit news

Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released

The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application database.
- Bill Toulas
- June 26, 2024
- 12:56 PM
- 0
"Researchers" exploit Kraken exchange bug, steal $3 million in crypto

The Kraken crypto exchange disclosed today that alleged security researchers exploited a zero-day website bug to steal $3 million in cryptocurrency and then refused to return the funds.
- Lawrence Abrams
- June 19, 2024
- 10:51 AM
- 0
Exploit for Veeam Recovery Orchestrator auth bypass available, patch now

A proof-of-concept (PoC) exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, elevating the risk of being exploited in attacks.
- Bill Toulas
- June 13, 2024
- 01:21 PM
- 0
Exploit for critical Veeam auth bypass available, patch now

A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates.
- Bill Toulas
- June 10, 2024
- 11:05 AM
- 0
TikTok fixes zero-day bug used to hijack high-profile accounts

Over the past week, attackers have hijacked high-profile TikTok accounts belonging to multiple companies and celebrities, exploiting a zero-day vulnerability in the social media's direct messages feature.
- Sergiu Gatlan
- June 04, 2024
- 05:57 PM
- 0
Exploit for critical Progress Telerik auth bypass released, patch now

Researchers have published a proof-of-concept (PoC) exploit script demonstrating a chained remote code execution (RCE) vulnerability on Progress Telerik Report Servers.
- Bill Toulas
- June 03, 2024
- 01:58 PM
- 0
Exploit released for maximum severity Fortinet RCE bug, patch now

Security researchers have released a proof-of-concept (PoC) exploit for a maximum-severity vulnerability in Fortinet's security information and event management (SIEM) solution, which was patched in February.
- Sergiu Gatlan
- May 28, 2024
- 12:16 PM
- 0
QNAP QTS zero-day in Share feature gets public RCE exploit

An extensive security audit of QNAP QTS, the operating system for the company's NAS products, has uncovered fifteen vulnerabilities of varying severity, with eleven remaining unfixed.
- Bill Toulas
- May 20, 2024
- 10:57 AM
- 0
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers

The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.
- Bill Toulas
- May 14, 2024
- 06:10 PM
- 0
Maximum severity Flowmon bug has a public exploit, patch now

Proof-of-concept exploit code has been released for a top-severity security vulnerability in Progress Flowmon, a tool for monitoring network performance and visibility.
- Bill Toulas
- April 24, 2024
- 04:08 PM
- 1
Microsoft: APT28 hackers exploit Windows flaw reported by NSA

Microsoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg.
- Sergiu Gatlan
- April 22, 2024
- 01:22 PM
- 0
Exploit released for Palo Alto PAN-OS bug used in attacks, patch now

Exploit code is now available for a maximum severity and actively exploited vulnerability in Palo Alto Networks' PAN-OS firewall software.
- Sergiu Gatlan
- April 16, 2024
- 02:36 PM
- 0
Hackers earn $1,132,500 for 29 zero-days at Pwn2Own Vancouver

Pwn2Own Vancouver 2024 has ended with security researchers collecting $1,132,500 after demoing 29 zero-days (and some bug collisions).
- Sergiu Gatlan
- March 22, 2024
- 01:13 AM
- 0
Exploit released for Fortinet RCE bug used in attacks, patch now

Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.
- Sergiu Gatlan
- March 21, 2024
- 11:17 AM
- 0
Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver

On the first day of Pwn2Own Vancouver 2024, contestants demoed 19 zero-day vulnerabilities in Windows 11, Tesla, Ubuntu Linux and other devices and software to win $732,500 and a Tesla Model 3 car.
- Sergiu Gatlan
- March 21, 2024
- 03:07 AM
- 2
Exploit available for new critical TeamCity auth bypass bug, patch now

A critical vulnerability (CVE-2024-27198) in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions.
- Ionut Ilascu
- March 04, 2024
- 05:42 PM
- 0
ScreenConnect critical bug now under attack as exploit code emerges

Both technical details and proof-of-concept exploits are available for the two vulnerabilities ConnectWise disclosed earlier this week for ScreenConnect, its remote desktop and access software.
- Bill Toulas
- February 21, 2024
- 12:18 PM
- 1
Exploit released for Android local elevation flaw impacting 7 OEMs

A proof-of-concept (PoC) exploit for a local privilege elevation flaw impacting at least seven Android original equipment manufacturers (OEMs) is now publicly available on GitHub. However, as the exploit requires local access, its release will mostly be helpful to researchers.
- Bill Toulas
- January 31, 2024
- 02:15 PM
- 2
Exploits released for critical Jenkins RCE flaw, patch now

Multiple proof-of-concept (PoC) exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to read arbitrary files have been made publicly available, with some researchers reporting attackers actively exploiting the flaws in attacks.
- Bill Toulas
- January 28, 2024
- 10:17 AM
- 0
Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice

The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26.
- Sergiu Gatlan
- January 26, 2024
- 07:32 AM
- 0