Tag: securityonline
-
CVE-2024-55579 & CVE-2024-55580: Qlik Sense Users Face Serious Security Risk
Qlik, a leading provider of business intelligence and data analytics platforms, has disclosed two vulnerabilities affecting Qlik Sense Enterprise for Windows. These vulnerabilities, identified as CVE-2024-55579 and CVE-2024-55580, could allow…
-
Activation Context Hijacking: “Eclipse” PoC Weaponizes Trusted Processes
Kurosh Dabbagh Escalante, a Red Team Operator at BlackArrow, has introduced Eclipse, a proof-of-concept (PoC) tool designed to exploit Activation Context hijacking. By leveraging a technique known as Activation Context…
-
Windows Zero-Day Vulnerability CVE-2024-38193 Exploited in the Wild: PoC Published
A critical use-after-free vulnerability, identified as CVE-2024-38193, has been discovered in the afd.sys Windows driver. This vulnerability, with a CVSS score of 7.8, poses a significant threat to Windows systems,…
-
The Rise of Mac Malware: 2024 Threat Report Reveals Alarming Trends
For years, macOS enjoyed a reputation as a secure platform, relatively untouched by malware. However, a 60% surge in macOS market share over the past three years has made it…
-
Google Fixes Critical RCE Vulnerabilities in December 2024 Pixel Security Update
Google has rolled out its December 2024 security update for Pixel devices, addressing a total of 28 vulnerabilities, including two critical remote code execution (RCE) flaws in the Cellular baseband…
-
QNAP Addresses High Severity Vulnerabilities in License Center and Operating Systems
QNAP, a leading provider of network-attached storage (NAS) solutions, has issued a security advisory addressing multiple vulnerabilities affecting its License Center and QTS/QuTS hero operating systems. The vulnerabilities range in…
-
Mauri Ransomware Exploits Apache ActiveMQ Flaw (CVE-2023-46604)
The AhnLab Security Intelligence Response Center (ASEC) has revealed that threat actors exploiting a critical vulnerability in Apache ActiveMQ, identified as CVE-2023-46604, have begun deploying Mauri ransomware in their attacks….
-
Manjaro 24.2 “Yonada” Released: A Refined and Feature-Rich Update
Manjaro Linux, the acclaimed Arch-based distribution renowned for its user-centric approach, has announced the release of version 24.2, codenamed “Yonada.” This latest iteration delivers a compelling blend of stability, performance,…
-
CVE-2024-12209 (CVSS 9.8): WP Umbrella Plugin Vulnerability Exposes 30,000 Websites to Compromise
A critical security vulnerability has been discovered in the popular WordPress plugin, WP Umbrella, which is used by over 30,000 websites. The flaw, identified as CVE-2024-12209 and assigned a CVSS…
-
SystemRescue 11.03 Boots Up with a Powerful New Kernel and Updated Tools!
SystemRescue, the renowned open-source system recovery toolkit, announces the release of version 11.03. This iteration delivers crucial updates to the kernel and core utilities, further solidifying its position as a…
-
Google’s Vanir: A Powerful New Open-Source Tool for Supercharging Security Patch Validation
In a move set to redefine security patch validation, Google announced the public availability of Vanir, an open-source tool designed to revolutionize how developers identify and address security vulnerabilities. Initially…
-
FSB-Tampered Device Returned with Monokle-Type Spyware, Experts Reveal
A joint investigation by the First Department and cybersecurity researchers has exposed the covert implantation of spyware resembling the Monokle family on a confiscated device returned to a Russian programmer….
-
BlueAlpha Exploits Cloudflare Tunnels for GammaDrop Malware Infrastructure
The Insikt Group has uncovered a sophisticated cyber-espionage operation conducted by BlueAlpha, a state-sponsored threat actor with links to the Russian Federal Security Service (FSB). The campaign targets Ukrainian entities…
-
Sophisticated Campaign Targets Manufacturing Industry with Lumma Stealer and Amadey Bot
Cyble Research and Intelligence Labs (CRIL) has uncovered a multi-stage cyberattack campaign targeting the manufacturing industry. Leveraging advanced techniques and a combination of Lumma Stealer and Amadey Bot, this campaign…
-
US Organization in China Falls Victim to Suspected Chinese Espionage Campaign
A recent report from the Symantec Threat Hunter Team reveals a troubling cyberespionage operation targeting a large US organization operating in China. The attack, suspected to be the work of…
-
Earth Minotaur: MOONSHINE Exploit Kit and DarkNimbus Backdoor Threaten Multi-Platform Security
A sophisticated cyber campaign orchestrated by the threat actor Earth Minotaur has been uncovered by Trend Micro researchers, exposing their reliance on the MOONSHINE exploit kit and a previously unreported…
-
Kroah-Hartman Confirms: Linux Kernel 6.12 is Now LTS
Linux kernel version 6.12, released on November 17, 2024, has been officially designated as a Long-Term Support (LTS) release. Maintained by renowned kernel developer Greg Kroah-Hartman, this version is slated…
-
Unpatched Zero-Day Vulnerability in Mitel MiCollab Exposes Businesses to Serious Security Risks
A newly disclosed zero-day vulnerability in the Mitel MiCollab collaboration platform has raised serious concerns regarding the security of sensitive business data. Discovered by security researchers at watchTowr, the vulnerability…
-
Critical Zero-Day Vulnerability in Windows Exposes User Credentials
A newly discovered zero-day vulnerability affecting all supported and legacy versions of Microsoft Windows allows attackers to capture user NTLM credentials through the simple act of file viewing within Windows…
-
iVerify Unveils Disturbing Prevalence of Pegasus Spyware on Mobile Devices
In an investigation, iVerify has revealed the pervasive presence of the notorious Pegasus spyware in mobile devices, uncovering seven infections in a sample of 2,500 user-scanned devices. This discovery challenges…
-
CVE-2024-43222 (CVSS 9.8): Critical Flaw in Sweet Date WordPress Theme Exposes Thousands of Sites to Potential Takeovers
A critical vulnerability (CVE-2024-43222) has been identified in the Sweet Date WordPress theme, a popular premium theme with nearly 10,000 sales. This vulnerability carries a CVSS score of 9.8, indicating…
-
Phishing, Fraud, and Stolen Data: Europol Takes Down Cybercrime Network
Europol has announced the successful dismantling of a sophisticated network responsible for facilitating large-scale online fraud. This operation, led by German authorities with support from law enforcement agencies across Europe,…
-
Browser Isolation Bypassed: QR Codes Used in Novel C2 Attacks
Browser isolation technology, often lauded as a cornerstone of modern cybersecurity, is not impervious to creative exploitation. A recent report from Thibault Van Geluwe de Berlaere at Mandiant unveils an…
-
Django Releases Patches for CVE-2024-53907 and CVE-2024-53908 to Mitigate DoS and SQLi Threats
The Django team has recently announced the release of Django 5.1.4, Django 5.0.10, and Django 4.2.17 to address two security vulnerabilities. All users are strongly encouraged to upgrade their Django…
-
How an Intranet Can Enhance Business Security
Security is a paramount concern that impacts all facets of business operations. An intranet, as a restricted network within a company, plays a crucial role in bolstering business security. This…
-
Five Flaws in Lorex 2K Security Cameras Enable Hackers to Take Full Control, PoC Published
Rapid7’s latest research reveals a series of critical vulnerabilities in the Lorex 2K Indoor Wi-Fi Security Camera, raising significant concerns for consumer security. The vulnerabilities, identified during the 2024 Pwn2Own…
-
Veeam Backup & Replication Vulnerabilities Exposed: High-Severity Flaws Put Data at Risk
Veeam Software, a prominent provider of backup, recovery, and data management solutions, has released a security update to address multiple vulnerabilities in its Veeam Backup & Replication software. These vulnerabilities…
-
CVE-2024-51378 (CVSS 10): Critical CyberPanel Flaw Under Active Attack, CISA Warns
The Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in CyberPanel, an open-source web hosting control panel. This flaw, tracked as CVE-2024-51378, is being actively exploited…
-
Fuji Electric Indonesia Suffers Ransomware Attack: Business Partner Data Potentially Leaked
Fuji Electric Co., Ltd. has disclosed a ransomware attack targeting its wholly-owned subsidiary, Fuji Electric Indonesia (FEID). The incident, which occurred in late November 2024, rendered several PCs and servers…
-
CVE-2024-10905 (CVSS 10): Critical Vulnerability in SailPoint IdentityIQ Exposes Sensitive Data
A critical vulnerability has been discovered in SailPoint IdentityIQ, a widely used identity and access management (IAM) platform. This flaw, tracked as CVE-2024-10905, has been assigned a CVSS score of…
-
Akira v2 Emerges: Rust-Based Ransomware Raises the Stakes
The Akira ransomware took a significant leap earlier this year with the introduction of a new Rust-based variant, according to a detailed analysis from Check Point Research (CPR). This version,…
-
New Andromeda/Gamarue Command-and-Control Cluster Targets APAC Industries
In a recent report, the Cybereason Security Services Team unveiled the discovery of a new cluster of Command-and-Control (C2) servers linked to the infamous Andromeda (aka Gamarue) malware family. This…
-
Beware of Celestial Stealer: New MaaS Targets Browsers and Crypto Wallets
A new report from Trellix Advanced Research Center has exposed the inner workings of Celestial Stealer, a sophisticated Malware-as-a-Service (MaaS) platform targeting developers, gamers, and cryptocurrency users. The JavaScript-based infostealer…
-
Phishing Frenzy: Cloudflare Domains Exploited in Latest Attacks
A new report from cybersecurity firm Fortra has revealed a dramatic increase in the abuse of Cloudflare’s pages.dev and workers.dev domains for phishing attacks. This abuse capitalizes on Cloudflare’s trusted…
-
RECOPE, Costa Rica’s State-Owned Energy Provider, Grapples with Ransomware Attack and Fuel Supply Disruption
Refinadora Costarricense de Petróleo (RECOPE), the state-owned entity responsible for Costa Rica’s fuel supply chain, has been targeted by a ransomware attack, impacting operations and raising concerns about potential fuel…
-
DMM Bitcoin Ceases Operations Following $300 Million Cyberattack, Attributed to Lazarus Group
DMM Bitcoin, a leading Japanese cryptocurrency exchange, has announced its impending closure following a major cybersecurity incident. The exchange fell victim to a sophisticated cyberattack on May 31st, 2024, resulting…
-
Cyberattack Compromises Marin City Housing Project, $950,000 in Public Funds Stolen
A significant cybersecurity incident has impacted the Golden Gate Village housing project in Marin City, resulting in the theft of $950,000 of public funds allocated for critical renovations. The Marin…
-
Crypto.com Launches $2 Million Bug Bounty Program with HackerOne
Crypto.com, a leading cryptocurrency platform with over 100 million users worldwide, has announced a significant upgrade to its bug bounty program in partnership with HackerOne. This move reinforces the company’s…
-
Solana Web3.js Library Compromised in Targeted Supply Chain Attack
A sophisticated supply chain attack has been identified within the widely-used @solana/web3.js JavaScript library, potentially jeopardizing the security of numerous developers and users within the Solana ecosystem. Malicious code was injected…
-
PoC Exploit Releases for Critical Zabbix Vulnerability – CVE-2024-42327 (CVSS 9.9)
Security researcher Alejandro Ramos has published a detailed technical analysis and proof-of-concept (PoC) exploit code for CVE-2024-42327, a critical SQL injection vulnerability affecting Zabbix, a widely used open-source enterprise network…
-
Microsoft Emphasizes TPM 2.0 as a “Necessity” for Secure Windows 11 Deployment
In a recent blog post, Microsoft reiterated the importance of Trusted Platform Module (TPM) 2.0 for Windows 11 security, calling it a “necessity” for a secure and future-proof Windows 11…
-
I-O DATA Routers Under Attack: Urgent Firmware Update Needed!
Multiple vulnerabilities have been discovered in I-O DATA routers UD-LT1 and UD-LT1/EX, and active exploitation is already underway. JPCERT/CC, a Japanese cybersecurity organization, issued a warning that these vulnerabilities leave…
-
CVE-2024-42448 (CVSS 9.9): Critical RCE Vulnerability in Veeam VSPC
Veeam Software, a prominent provider of backup and disaster recovery solutions, has released urgent security updates to address two critical vulnerabilities in its Service Provider Console (VSPC). One of these…
-
Google Chrome Addresses High-Severity Flaw in V8 JavaScript Engine (CVE-2024-12053)
Google has released a security update for its Chrome web browser to mitigate a high-severity “type confusion” vulnerability (CVE-2024-12053) residing within the V8 JavaScript engine. This vulnerability has the potential…
-
Threat Actors Exploiting Misconfigured Docker Remote API Servers with Gafgyt Malware
Trend Micro Research has revealed a significant evolution in the behavior of the Gafgyt malware (also known as Bashlite or Lizkebab), which is now targeting misconfigured Docker Remote API servers….
-
CISA Flags Three Actively Exploited Vulnerabilities in Critical Systems
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding three critical security vulnerabilities actively exploited in the wild. These vulnerabilities, now included in CISA’s Known Exploited Vulnerabilities…
-
PoC Confirms Root Privilege Exploit in TP-Link Archer AXE75 Vulnerability (CVE-2024-53375)
A newly discovered vulnerability in the TP-Link Archer AXE75 router, tracked as CVE-2024-53375, could allow remote attackers to execute arbitrary commands on vulnerable devices. This critical flaw, identified by security…
-
Critical Vulnerabilities in mySCADA myPRO Software Pose Significant Risk to Industrial Control Systems
Researchers have disclosed critical vulnerabilities in mySCADA’s myPRO software, a widely deployed industrial automation platform. These security flaws could permit remote attackers to gain unauthorized access and complete control over…
-
Cisco Confirms Active Exploitation of Decade-Old WebVPN Vulnerability in ASA Software
Cisco Systems has issued an updated security advisory regarding CVE-2014-2120, a vulnerability affecting the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software. Originally disclosed in 2014, this vulnerability…
-
Surprise Exit: Gelsinger Retires from Intel After 40 Years
In a surprise move that sent ripples through the tech world, Intel Corporation announced today that CEO Pat Gelsinger has retired, effective December 1, 2024. This marks the end of…
-
OpenAI Considers Ads for ChatGPT: Will Free Users Pay the Price?
OpenAI, the company behind the wildly popular AI chatbot ChatGPT, might be introducing advertisements to its free platform. This move comes as the company grapples with the astronomical costs of…
-
CVE-2024-48651: ProFTPD Vulnerability Grants Root Access to Attackers
Popular FTP server ProFTPD has been found to contain a critical security flaw that could allow attackers to gain root access to vulnerable systems. The vulnerability, tracked as CVE-2024-48651 (CVSS…
-
Google Chrome Enhances User Security with AI-Powered Website Reviews
Google Chrome is set to bolster online safety for users with the integration of a new AI-driven feature: “Store Reviews.” This functionality aims to provide users with a streamlined method…
-
KrbRelayEx: A Kerberos Relaying Tool for Penetration Testing
KrbRelayEx is an open-source tool designed for security professionals to assess the security of Active Directory environments. It leverages the power of Kerberos relaying, a technique that exploits the trust…
-
Zero-Day Exploit Code Released for Windows Task Scheduler Flaw (CVE-2024-49039), Actively Exploited by RomCom Group
Proof-of-concept (PoC) exploit code for CVE-2024-49039, a zero-day vulnerability in Windows Task Scheduler, has been publicly released, raising concerns about increased attacks. This vulnerability, with a CVSS score of…
-
From US to UAE: APT35 Expands Reach in Cyber Espionage
The ThreatBook Research and Response Team has revealed a sophisticated campaign by APT35, also known as Magic Hound or Charming Kitten, targeting the aerospace and semiconductor industries across multiple countries,…
-
Horns&Hooves Campaign Leverages NetSupport and BurnsRAT for Widespread Compromise
In a detailed report by Kaspersky Labs, the Horns&Hooves campaign emerges as a notable example of cybercriminal ingenuity, leveraging dual RAT payloads—NetSupport RAT and BurnsRAT—to compromise systems across various sectors….
-
New Report Reveals SmokeLoader’s Advanced Tactics in Taiwan Campaign
A recent report by FortiGuard Labs has highlighted a targeted cyberattack involving the infamous SmokeLoader malware. This campaign, observed in September 2024, aimed at several industries in Taiwan, including manufacturing,…
-
RevC2 and Venom Loader Exploit MaaS in Advanced Campaigns
The latest findings from ThreatLabz reveal two novel malware families, RevC2 and Venom Loader, actively deployed in campaigns between August and October 2024. Leveraging the Malware-as-a-Service (MaaS) platform of the…
-
Why Should Gamers Use a Proxy?
Feature | Gaming Without Proxy | Gaming With Proxy
Ping and Latency | High ping, leading to lag | Reduced ping for smoother gameplay
Geo-Restrictions | Limited access to some servers | Unblocks restricted gaming servers…
-
Zero-Day Attack Alert: Corrupted Files Weaponized in New Attacks
A new 0-day attack leverages file corruption to slip past antivirus and sandbox defenses. A sophisticated new phishing campaign is leveraging a novel technique to bypass traditional security measures, delivering…
-
Bologna FC Suffers Major Data Breach in Ransomware Attack
Serie A club falls victim to RansomHub, exposing sensitive player, financial, and operational data. Bologna FC 1909 S.p.a. has officially confirmed a targeted ransomware attack on its internal security systems,…
-
Cyber Monday Scams: Unmasking the Shadows of Online Shopping
Cyber Monday, a day eagerly awaited by shoppers for its irresistible deals, has become a hunting ground for cybercriminals leveraging the surge in online activity to execute sophisticated scams. CloudSEK’s…
-
Windows 10 ESU Cracked: Free Security Updates on the Horizon?
The MAS team, led by developer @Massgravel, has reportedly bypassed the paid Extended Security Updates (ESU) program for Windows 10, potentially allowing users to receive security updates for free even…
-
MediaTek Patches High-Severity Vulnerability in Smartphone Chipsets (CVE-2024-20125)
MediaTek has released its latest Product Security Bulletin, addressing a high-severity vulnerability that could lead to unauthorized access and control of user devices. The vulnerability, identified as CVE-2024-20125, allows attackers…
-
Microsoft Clarifies Windows 11 Installation on Unsupported Devices: Proceed with Caution
Microsoft has updated its support documentation regarding Windows 11 installation on devices that don’t meet the minimum system requirements. While the company still advises against this practice, the updated documentation…
-
Critical Vulnerabilities Discovered in IBM Security Verify Access Appliance
Security researchers have disclosed multiple critical vulnerabilities affecting IBM Security Verify Access Appliance, a widely deployed solution for web application access management and authentication. IBM has issued a security bulletin…
-
Windows Server 2012 Users Beware: 0day Vulnerability Bypasses Mark of the Web Security
ACROS Security, the creators of 0patch micropatching technology, have uncovered a zero-day vulnerability affecting Windows Server 2012 and Server 2012 R2. This vulnerability allows malicious actors to circumvent the “Mark…
-
Operation “Code on Toast”: A Deep Dive into TA-RedAnt’s Exploitation of Zero-Day Flaw (CVE-2024-38178)
North Korean-linked hacking group TA-RedAnt has been implicated in a sophisticated large-scale cyber attack dubbed “Operation Code on Toast,” targeting unsuspecting users through a novel Internet Explorer (IE) vulnerability. Security…
-
Hackers vs. LED Indicators: Why Tape Remains the Ultimate Camera Shield
A few years ago, a viral photo of Mark Zuckerberg’s laptop revealed a simple yet effective security measure: tape covering the webcam. It was a moment that ignited global conversations…
-
Security Alert: Bootkitty Bootkit Targets Linux via UEFI Vulnerability (CVE-2023-40238)
Security researchers from Binarly and ESET have uncovered “Bootkitty,” the first-ever UEFI bootkit designed to target Linux systems. This new threat exploits the LogoFAIL vulnerability (CVE-2023-40238), a UEFI firmware flaw,…
-
CVE-2024-11980 (CVSS 10): Critical Flaw in Billion Electric Routers
TWCERT/CC disclosed multiple vulnerabilities affecting several Billion Electric router models, including the M100, M150, M120N, and M500. These vulnerabilities range in severity, with the most critical (CVE-2024-11980) receiving a CVSSv3…
-
CVE-2024-52336 & CVE-2024-52337: Vulnerabilities in Linux Tuned Daemon
The SUSE Security Team has uncovered two vulnerabilities in the Linux Tuned daemon, a critical tool for runtime hardware and kernel optimization. These vulnerabilities, tracked as CVE-2024-52336 (CVSS 7.8) and…
-
Over-the-Air Vulnerabilities in Advantech EKI Access Points Put Industrial Networks at Risk
Industrial environments are increasingly relying on wireless technologies to power critical operations. However, a recent report from Nozomi Networks Labs reveals that this technological shift is exposing industrial networks to…
-
CVE-2024-8672 (CVSS 9.9): Critical Flaw in Widget Options Plugin Threatens 100,000+ Websites
A critical security vulnerability (CVE-2024-8672) in the popular “Widget Options” plugin, which boasts over 100,000 active installations, has been patched in the latest release (version 4.0.8). This vulnerability, assigned a…
-
Malicious PyPI Package Targets Cryptocurrency Wallets: aiocpa Campaign Exposed
Cybersecurity researchers at ReversingLabs have uncovered a stealthy supply chain attack targeting cryptocurrency wallets via the PyPI repository. The malicious package, named aiocpa, posed as a legitimate crypto client tool,…
-
CVE-2024-52338: Critical Security Flaw in Apache Arrow R Package Allows Arbitrary Code Execution
The Apache Software Foundation has addressed a critical security vulnerability (CVE-2024-52338) in the Apache Arrow R package. This vulnerability, impacting versions 4.0.0 through 16.1.0, could allow attackers to execute arbitrary…
-
ShadowHound: Enhancing Active Directory Reconnaissance with a Stealthy and Efficient Ingestor
Abstract: In the realm of offensive security assessments, the need for discreet and effective Active Directory (AD) reconnaissance is paramount. Traditional methods often rely on introducing external binaries, increasing the…
-
Integer Overflow Vulnerability in Windows Driver Enables Privilege Escalation, PoC Published
An independent researcher has uncovered a critical vulnerability in the ksthunk.sys driver, a component of the Windows operating system responsible for facilitating 32-bit to 64-bit process communications. The flaw, which…
-
Malicious npm Packages Threaten Crypto Developers: Keylogging and Wallet Theft Revealed
Researchers at Socket have uncovered a malicious campaign targeting crypto developers. The attacker, operating under the pseudonym “topnotchdeveloper12”, has published three malicious npm packages—crypto-keccak, crypto-jsonwebtoken, and crypto-bignumber—that mimic legitimate cryptographic…
-
Evasive Malware Campaign Leverages CleverSoar Installer & Nidhogg Rootkit
Rapid7 Labs has uncovered a sophisticated malware campaign employing the newly identified CleverSoar installer, a highly evasive threat targeting Chinese and Vietnamese-speaking users. With advanced evasion techniques and layered malicious…
-
Zero-Day in Active Directory Certificate Services: Researcher Exposes CVE-2024-49019 with PoC
Security researchers from TrustedSec have uncovered a critical zero-day vulnerability, CVE-2024-49019, affecting Active Directory Certificate Services (AD CS). This flaw exploits a feature of version 1 certificate templates, allowing attackers…
-
CVE-2024-11667: Critical Vulnerability in Zyxel Firewalls Actively Exploited
CERT Germany (CERT-Bund) and Zyxel have warned of active exploitation of a critical vulnerability in Zyxel firewalls. This vulnerability, tracked as CVE-2024-11667, is being leveraged to deploy Helldown ransomware, with initial…