For weeks now, unidentified threat actors have been leveraging a critical zero-day vulnerability in Palo Alto Networks’ PAN-OS software, running arbitrary code on vulnerable firewalls, with root privilege. Multiple security researchers have flagged the campaign, including Palo Alto Networks’ own Unit 42, noting a single threat actor group has been abusing a vulnerability called command … Read more
A high-severity vulnerability has been recently discovered in certain D-Link Network Attached Storage (NAS) instances which could be used to run malicious code, steal sensitive data, and mount denial-of-service (DoS) attacks. Cybersecurity researcher Netsecfish, who discovered the flaw, found multiple instances of D-Link’s NAS devices have an arbitrary command injection flaw in the “system” parameter, … Read more
On Friday March 29, Microsoft employee Andres Freund shared that he had found odd symptoms in the xz package on Debian installations. Freund noticed that ssh login was requiring a lot of CPU and decided to investigate leading to the discovery. The vulnerability has received the maximum security ratings with a CVS score of 10 … Read more