A high-severity security flaw has been disclosed in ProjectDiscovery’s Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it carries a CVSS score of 7.4 out of a maximum of 10.0. It impacts all versions of Nuclei later than 3.0.0. “The
Read More
A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE-2024-49112 (CVSS score: 9.8), a critical integer overflow flaw
Read More
In the past year, cross-domain attacks have gained prominence as an emerging tactic among adversaries. These operations exploit weak points across multiple domains – including endpoints, identity systems and cloud environments – so the adversary can infiltrate organizations, move laterally and evade detection. eCrime groups like SCATTERED SPIDER and North Korea-nexus adversaries such as FAMOUS CHOLLIMA exemplify the use of cross-domain
Read More
Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure. The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform’s OData Web API Filter, while the third vulnerability is rooted in
Read More
Our mission is to educate our customer base, build capacity in every country we operate in and make cyber security affordable to all