ExtraReplica: Microsoft patches cross-tenant bug in Azure PostgreSQL
Microsoft has patched a security weakness in Azure PostgreSQL which could have been exploited to execute malicious code. On Thursday, researchers from Wiz Research...
Tagged: Bug
NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages
A “logical flaw” has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables malicious actors to pass...
Iranian Hackers Exploiting VMware RCE Bug to Deploy ‘Core Impact’ Backdoor
An Iranian-linked threat actor known as Rocket Kitten has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy...
Hack DHS: Homeland Security’s first bug bounty turns up 122 vulnerabilities
The US Department of Homeland Security (DHS)’s first bug bounty with external researchers called “Hack DHS” helped discover 122 vulnerabilities. DHS announced the Hack...
Critical Bug in Everscale Wallet Could’ve Let Attackers Steal Cryptocurrencies
A security vulnerability has been disclosed in the web version of the Ever Surf wallet that, if successfully weaponized, could allow an attacker to...
Amazon’s Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug
The “hotpatch” released by Amazon Web Services (AWS) in response to the Log4Shell vulnerabilities could be leveraged for container escape and privilege escalation, allowing...
Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails
An unpatched high-severity security flaw has been disclosed in the open-source RainLoop web-based email client that could be weaponized to siphon emails from victims’...
Researchers Detail Bug That Could Paralyze Snort Intrusion Detection System
Details have emerged about a now-patched security vulnerability in the Snort intrusion detection and prevention system that could trigger a denial-of-service (DoS) condition and...
Microsoft: We’re boosting our bug bounties for these high-impact security flaws
Microsoft has announced new “scenario-based” awards for its Dynamics and Power Platform Bounty Program and the Microsoft 365 Bounty Program. Microsoft says the scenario-based...
Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure
Cloud computing and virtualization technology firm VMWare on Thursday rolled out an update to resolve a critical security flaw in its Cloud Director product...