Category: News
Spring vulnerabilities – Log4j flashbacks
This post covers the latest vulnerabilities in the Spring Framework: no boring details, only the facts and what you need to know about these vulnerabilities (links to detailed info are in the post). […]
Easy privilege escalation on any Linux via pkexec 🔥🔥🔥
CVE-2021-4034: pwnkit: Local Privilege Escalation in polkit’s pkexec for almost any Linux system. Vulnerability == Bug. The first bug commit appeared in May 2009. Qualys researchers reported this vulnerability exploitation […]
Project Zero on the move, vulnerabilities in the wild and Nginx malware
Mostly an ordinary week with critical vulnerabilities in ZOOM, Zoho and Mozilla, but Google Project Zero is on the move. Also, a couple of cool pieces of malware. Vulnerabilities: Mozilla NSS, ZOOM and […]
Continuous Microsoft patching, tons of zero-days in one month and other “mistakes”
A month of non-stop Microsoft fixes, and even if you install everything, you still remain vulnerable (PrintNightmare is a real nightmare). There were also many zero-days that everyone was so used […]
Lucky month for law enforcement, patching vulnerabilities and fighting malware
There is a lot of news this month about large-scale investigations by law enforcement agencies and other good guys. The release of decryptors undermines the ransomware business and is an […]
Couple huge patches, hackers, update for Vulners interface and other news
Check out the updated Vulners interface! Every few months, Argentina shows why information security is important. For example, this month the passports of all residents of the country appeared […]
Open-source Twitter, weekly Google patches and other fails
Twitter has become an open source project this week. Check out the cool research from ESET and Kaspersky teams. A typical week in information security. Vulners is helping thousands of […]
Non-hype vulnerabilities and news in Vulners monthly review
Microsoft in our weekly digests of this month. As usual, we have collected underestimated and unmentioned vulnerabilities along with the news of the past month. There will be vulnerabilities in Kindle and […]
RCE with exploit in Confluence Server and Confluence Data Center (CVE-2021-26084)
On August 25, Atlassian reported a critical Remote Code Execution vulnerability in Confluence Server and Confluence Data Center. The vulnerability allows an authenticated user, and in some cases an unauthenticated […]
Keep your devices safe, patch critical systems and stay on the latest
Apparently this month there is a boom in vulnerabilities in various devices. Ransomware continues to be active, improving encryption methods and introducing new techniques in attacks. But even the largest […]