Microsoft fixes vulnerability in the Windows Snipping tool

Microsoft provided an urgent security upgrade for the Windows 10 and Windows 11 Snipping tools to address the Acropalypse privacy issue. The Acropalypse vulnerability, which is currently tracked as CVE-2023-28303, results from image editors failing to correctly remove trimmed input images when resetting the original file. For […]

GitHub replaces RSA SSH host key after public exposure

To secure Git operations, GitHub has replaced the vulnerable RSA SSH host key. This action was taken to keep security measures in place, as the cloud-based repository service's key was earlier exposed in a public repository. The action, which was taken […]

WooCommerce Payment Plugin vulnerability Fixed for WordPress

Fixes have been made available for a serious security hole affecting the WordPress plugin WooCommerce Payments, which is used by thousands of websites. The business issued a warning on March 23, 2023, stating that if the weakness is not fixed, a malicious actor may be able to get unauthorised […]

CISA Warns Industrial Control Systems have critical Vulnerabilities

On Tuesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued eight Industrial Control Systems (ICS) advisories highlighting serious vulnerabilities impacting products from Rockwell Automation and Delta Electronics. These include three bugs in the software developed by ETIC Telecom, including one that results from the Remote Access […]

Hackers exploit a 3-Year-Old Flaw to Breach a U.S. Federal Agency

Recent reports claim that several hacker groups breached a U.S. federal agency using a three-year-old vulnerability. The breach exposed sensitive data, including private and secret government information. The issue in question relates to a piece of software (Telerik UI flaw) that is frequently used by […]

CISA identifies Adobe ColdFusion Vulnerability exploited globally

Based on the evidence of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Adobe ColdFusion security vulnerability to its Known Exploited Vulnerabilities (KEV) list on March 15. CVE-2023-26360 (CVSS score: 8.6) is the significant weakness in question, which a threat actor might use to […]

Flaw in FortiOS & FortiProxy Gives Remote Access to Hackers

A serious vulnerability in FortiOS and FortiProxy might enable a threat actor to take control of affected systems. Fortinet released patches to address 15 security flaws, including a critical vulnerability affecting FortiOS and FortiProxy. Its security teams discovered […]

OpenSSL released patches for latest High Severity Vulnerabilities

The OpenSSL team has released patches (OpenSSL v3.0.7) to remediate multiple high-severity vulnerabilities about which it had warned all users and vendors. As per the security advisory, the OpenSSL team has remediated two high-severity vulnerabilities, CVE-2022-3602 and CVE-2022-3786, which affect OpenSSL versions 3.0.0 to 3.0.6. […]

High severity flaw allowed hackers repojacking GitHub Repository

Recently a vulnerability was discovered in GitHub, and GitHub acknowledged the exposed vulnerability as repojacking, where hackers were able to control the repository. According to Checkmarx, a security company, the vulnerability left multiple packages susceptible to being hijacked to serve malicious code to millions of users and […]

BrakTooth Bluetooth Vulnerabilities harming systems in 2022

Researchers have found various security bugs in the Bluetooth stack implemented on SoCs from multiple vendors. Named ‘BrakTooth,’ these Bluetooth weaknesses potentially expose billions of gadgets to issues like DoS and code execution. A group of security researchers from Singapore University has found various […]