Hack Reports - Latest Cybersecurity News, Trends & Updates

Sign in Subscribe

Vulnerability Exploits

OilRig Hackers Exploiting Windows Kernel 0-day to Attack Organizations - CybersecurityNews

OilRig Hackers Exploiting Windows Kernel 0-day to Attack Organizations - CybersecurityNews

Latest News on OilRig Windows Kernel Exploit CVE-2024-30088 and Cyber Espionage Tactics 2024 OilRig Windows Kernel Exploit CVE-2024-30088: The Iranian state-sponsored hacking group OilRig, also known as APT34, has been actively exploiting a Windows kernel vulnerability (CVE-2024-30088) to attack critical infrastructure and organizations5. This exploit allows the attackers to gain

CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation

CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation

The latest news on the CISA USAHERDS vulnerability, tracked as CVE-2021-44207, involves its addition to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) due to evidence of active exploitation. Key Highlights: 1. CVE-2021-44207: This vulnerability affects Acclaim Systems USAHERDS software versions up

The U.S. Govenment Charges China-Based Hacker for Exploiting Zero-Day Vulnerability - The National Law Review

The U.S. Govenment Charges China-Based Hacker for Exploiting Zero-Day Vulnerability - The National Law Review

The latest news on China-based hacker indictment 2024, exploiting a zero-day vulnerability, involves the U.S. government charging Guan Tianfeng for global firewall hacks. Here are the key details: Indictment of Guan Tianfeng: * Federal Charges: Guan Tianfeng, a China-based hacker, has been indicted by the U.S. government for exploiting

Adobe warns of critical ColdFusion bug with PoC exploit code

Adobe warns of critical ColdFusion bug with PoC exploit code

Latest News on Adobe ColdFusion Critical Vulnerability 2024 Summary: Adobe ColdFusion contains a critical vulnerability (CVE-2024-20767) that could allow an attacker to access or modify restricted data. This vulnerability has been added to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation

Premium WPLMS WordPress plugins address seven critical flaws

Premium WPLMS WordPress plugins address seven critical flaws

Latest News on WordPress Plugin Vulnerabilities in 2024 Key Highlights: 1. WPML Vulnerability: * A critical vulnerability was discovered in the WPML plugin, which allows Remote Code Execution via Twig Server-Side Template Injection. This impacted all versions of the plugin before 4.6.131. * The vulnerability was tracked as CVE-2024-6386 and

Apache fixes remote code execution bypass in Tomcat web server

Apache fixes remote code execution bypass in Tomcat web server

The latest news on the Apache Tomcat vulnerability fix involves a critical remote code execution (RCE) vulnerability, tracked as CVE-2024-56337, which has been addressed in a recent security update by the Apache Software Foundation134. Key Highlights: 1. Vulnerability Description: * The vulnerability, CVE-2024-56337, is a time-of-check time-of-use (TOCTOU) race condition that

Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner

Supply Chain Attack Hits Rspack, Vant npm Packages with Monero Miner

The latest news on the Rspack npm package attack and the Vant package Monero miner involves a sophisticated supply chain attack targeting the npm ecosystem. Here are the key highlights: 1. Rspack npm Package Attack: * Compromised Packages: The developers of Rspack revealed that two of their npm packages, @rspack/core