Exploit code public for critical FortiSIEM command injection flaw

Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet's Security ...
TechCrunch

Researchers say easy-to-exploit security bugs in ConnectWise remote-access software now under mass attack

Security researchers say a pair of easy-to-exploit flaws in a popular remote-access tool used by more than a million companies around the world are now being mass exploited, with hackers abusing the ...
Bleeping Computer

Exploit available for new critical TeamCity auth bypass bug, patch now

A critical vulnerability (CVE-2024-27198) in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions ...
Security Boulevard

JFrog Researchers Uncover RCE Exploit for Existing Redis Database Vulnerability

JFrog this week published an analysis of a vulnerability in Redis databases that may be more serious than initially thought following the discovery of a ...
Ars Technica

Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation

Hackers are actively exploiting a pair of recently discovered vulnerabilities to remotely commandeer network-attached storage devices manufactured by D-Link, researchers said Monday. Roughly 92,000 ...
CNET

Yahoo! Messenger for Mac OS X vulnerable to remote buddy-add exploit

Although Mac OS X has proven invulnerable (so far) to genuine, in-the-wild exploits that allow remote execution of arbitrary code, individual third-party applications can still suffer remote attacks ...
ExtremeTech

LastPass exploit allows remote code execution and password theft

LastPass bills itself as a way to simplify your life by storing all your passwords and account details in one place. However, it's looking a little less convenient now, as the service deals with its ...