Hack Reports - Latest Cybersecurity News, Trends & Updates

Sign in Subscribe

Vulnerability Exploits

Zero-day vulnerability in Sonicwall SSL VPN is attacked - heise online

Zero-day vulnerability in Sonicwall SSL VPN is attacked - heise online

Latest News on SonicWall SSL VPN Vulnerability (January 2025) Summary: In January 2025, SonicWall announced updates to address actively attacked vulnerabilities in SonicOS, including a zero-day vulnerability in the SSL VPN and SSH management. The updates aim to close security gaps that are currently being exploited in the wild. Key

CISA warns of critical Oracle, Mitel flaws exploited in attacks

CISA warns of critical Oracle, Mitel flaws exploited in attacks

Latest News on CISA, Oracle, and Mitel Vulnerabilities CISA Warnings and Vulnerabilities 1. Mitel MiCollab Vulnerabilities: * CVE-2024-35286 and CVE-2024-41713: Security flaws in Mitel MiCollab have been identified, which could allow unauthorized access and arbitrary file read vulnerabilities24. * Path Traversal Vulnerability: Mitel MiCollab contains a path traversal vulnerability that could allow

Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers

Researchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers

Latest News on Illumina iSeq 100 Security Vulnerability: Researchers have recently uncovered a significant security flaw in the Illumina iSeq 100 DNA sequencing instrument. The vulnerability lies in the outdated BIOS firmware, which lacks Secure Boot and standard firmware write protections, making it susceptible to firmware exploits1. Key Highlights: 1.

Vulnerable Moxa devices expose industrial networks to attacks

Vulnerable Moxa devices expose industrial networks to attacks

Latest News on Moxa Devices Vulnerabilities Moxa Security Advisory: CVE-2024-9138 and CVE-2024-9140 Moxa, a leading provider of industrial networking and communication solutions, has issued a security advisory regarding two critical vulnerabilities affecting their cellular routers, secure routers, and network security appliances1. The vulnerabilities, identified as CVE-2024-9138 and CVE-2024-9140, have a

Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution

Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution

A high-severity security flaw, tracked as CVE-2024-43405, has been disclosed in ProjectDiscovery's Nuclei, a widely-used open-source vulnerability scanner. This vulnerability allows attackers to bypass signature checks and potentially execute malicious code13. Key Highlights: * Vulnerability Description: The vulnerability stems from a discrepancy between how the signature verification process and

LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers

LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers

The latest news on the LDAP vulnerability PoC exploit, specifically CVE-2024-49112, involves a critical remote code execution (RCE) flaw in Windows Lightweight Directory Access Protocol (LDAP) clients. Here are the key details: CVE-2024-49112 Overview Vulnerability Description: CVE-2024-49112 is a critical vulnerability in Windows LDAP clients that allows remote code execution.

New "DoubleClickjacking" Exploit Bypasses Clickjacking Protections on Major Websites

New "DoubleClickjacking" Exploit Bypasses Clickjacking Protections on Major Websites

Latest News on DoubleClickjacking Vulnerability 2025 DoubleClickjacking is a sophisticated form of the traditional clickjacking attack that exploits unsuspecting users with a two-click sequence, bypassing existing defenses and leaving websites and user accounts vulnerable to takeover1. How DoubleClickjacking Works 1. Initial Setup: * An attacker designs a malicious website featuring an