Attackers could exploit several vulnerabilities in the Mazda Connect infotainment unit, present in multiple car models including Mazda 3 (2014-2021), to execute arbitrary code with root permission.
Threat update
Significant vulnerabilities in Microsoft's Azure AI Content Safety services have been discovered. These vulnerabilities enable attackers to bypass safeguards and deploy harmful AI-generated content.
Threat update
Significant vulnerabilities in Microsoft's Azure AI Content Safety services have been discovered. These vulnerabilities enable attackers to bypass safeguards and deploy harmful AI-generated content. Continue reading this Cybersecurity Threat Advisory to learn the implications of these flaws and which security measures to implement to protect your organization.
Threat update
Three Ivanti Cloud Service Appliance (CSA) vulnerabilities are being exploited and weaponized in the wild. Read this Cybersecurity Threat Advisory to learn how you can mitigate your risk of being targeted.
Threat update
There were recently six vulnerabilities discovered in Veeam Backup and Replication. One of them is an unauthenticated remote code execution (RCE), while the other five include authenticated RCE, arbitrary file deletion, low-privileged multi-factor authentication (MFA) setting modification and MFA bypass, credential sniffing, and privilege escalation. Review the details in this Cybersecurity Threat Advisory to limit customers' impact.
Threat update
This Cybersecurity Threat Advisory breaks down multiple critical vulnerabilities in the Cacti framework, an open-source network monitoring and fault management tool. Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code and compromise network infrastructure.
Threat update
HPE Aruba Networking has disclosed that critical remote code execution (RCE) vulnerabilities are impacting multiple versions of ArubaOS. Out of the ten vulnerabilities found, four pose critical risks of unauthenticated buffer overflows in various services.
Threat update
Two vulnerabilities were found in legacy D-Link products that have reached end-of-life (EoL) status. The vulnerabilities can cause command injection and backdoor account to these devices. This Cybersecurity Threat Advisory discusses the impact of the threat, as well as recommendations to mitigate risks these vulnerabilities may cause.
Threat update
Critical authentication bypass vulnerabilities have been identified in QNAP network attached storage (NAS) devices. These flaws pose significant risks, allowing unauthorized access to affected devices. Review the recommendations in this Cybersecurity Threat Advisory to ensure your systems are secure.
The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities (KEV) three security issues that affect Microsoft devices, a Sophos product, and an enterprise solution from Oracle.
Popular WordPress form-building plugin Ninja Forms contains three vulnerabilities that could allow attackers to achieve privilege escalation and steal user data.