Aggregator
CVE-2015-5254
CVE-2026-23631
CVE-2024-32114
CVE-2023-46604
Apache HTTP Server 2.4.68 Released With Fix For Use-After-Free, DoS, XSS, and Buffer Overflow Flaws
The Apache Software Foundation released Apache HTTP Server version 2.4.68 on June 8, 2026, addressing 13 security vulnerabilities spanning multiple modules. The patched flaws include use-after-free conditions, cross-site scripting, heap-based buffer overflows, denial-of-service, privilege escalation, and out-of-bounds read issues affecting all versions from 2.4.0 through 2.4.67. Administrators running any prior release are strongly urged to […]
The post Apache HTTP Server 2.4.68 Released With Fix For Use-After-Free, DoS, XSS, and Buffer Overflow Flaws appeared first on Cyber Security News.
JVN: DLL loading vulnerability in the CamView installer
21 0-Day Vulnerabilities in FFmpeg Enables Remote Code Execution Attacks
An autonomous security agent uncovered 21 zero-day vulnerabilities in FFmpeg, the world’s most widely deployed media processing library, including a critical RCE-capable heap buffer overflow reachable with a single 183-byte network packet. FFmpeg quietly powers media processing across browsers, streaming platforms, surveillance systems, and cloud infrastructure, making it one of the most security-critical open-source libraries. […]
The post 21 0-Day Vulnerabilities in FFmpeg Enables Remote Code Execution Attacks appeared first on Cyber Security News.
Remote Code Execution: Critical Flaw in Everest Forms Pro Enables WordPress Invasions
Even a mundane feedback form can morph into an initial attack vector. This transition occurs when a data handler executes submitted text as code. Specifically, adversaries are actively exploiting a critical vulnerability designated as...
The post Remote Code Execution: Critical Flaw in Everest Forms Pro Enables WordPress Invasions appeared first on Information Security News.
Judicial Paradigm Shift: Belgian Court Orders Bank to Reimburse Phishing Victims
An elderly couple in Antwerp, Belgium, suffered a devastating loss of €50,000. Specifically, an impostor masqueraded as a banking official. He seamlessly manipulated the spouses into transferring their funds to an alleged “secure” account....
The post Judicial Paradigm Shift: Belgian Court Orders Bank to Reimburse Phishing Victims appeared first on Information Security News.
Architectural Blueprints: The Security Risks of Exposed Swagger Specifications
An Application Programming Interface description file might seem like an ordinary technical detail. However, for malicious actors, this file often serves as an elegant map of an external service. The Mechanics of API Exposure...
The post Architectural Blueprints: The Security Risks of Exposed Swagger Specifications appeared first on Information Security News.
New Shai-Hulud Attack Compromises 23 PyPI Packages to Target MCP Developers
A new wave of the Shai-Hulud supply chain campaign adds 23 newly discovered malicious PyPI package-version artifacts to an already alarming operation that previously compromised 37 packages. The broader campaign identified by the Socket Threat Research team, tracked across the Mini Shai-Hulud, Miasma, and Hades threat clusters, now spans 471 total artifacts across npm and PyPI, comprising […]
The post New Shai-Hulud Attack Compromises 23 PyPI Packages to Target MCP Developers appeared first on Cyber Security News.
Vocal Deception: The Pink Extortion Syndicate Weaponizes Social Engineering
Cyber-extortionists increasingly eschew complex digital intrusions. Instead, they initiate malicious campaigns through conventional voice dialogues. Fraudsters smoothly convince employees that they are speaking with internal IT personnel. Subsequently, they manipulate targets into submitting authentication...
The post Vocal Deception: The Pink Extortion Syndicate Weaponizes Social Engineering appeared first on Information Security News.
Beyond the Desktop: Microsoft Unveils Project Solara Agentic Architecture
Personal computing is steadily departing from the traditional desktop paradigm. Historically, users manually launch applications and toggle between disparate windows. Instead, Microsoft recently unveiled Project Solara. This innovative platform prioritizes autonomous software agents over...
The post Beyond the Desktop: Microsoft Unveils Project Solara Agentic Architecture appeared first on Information Security News.
How to Rate the AI We're All Chasing
Cryptographic Resilience: Dashlane Thwarts Automated Device Registration Incursion
Even a transient six-digit credential can attract a massive automated assault. This vulnerability manifests when adversaries find methods to iterate combinations programmatically. Consequently, Dashlane disclosed a targeted exploitation attempting to compromise select user repositories....
The post Cryptographic Resilience: Dashlane Thwarts Automated Device Registration Incursion appeared first on Information Security News.
[Exploited in the Wild] Google Chrome V8 Out-of-Bounds Read/Write Vulnerability (CVE-2026-11645) Security Risk Advisory
Architectural Deception: Voice-Driven Extortion Campaigns Target American Legal Institutions
American legal institutions face an unprecedented wave of adversarial incursions. Importantly, these threat actors completely forgo malicious software. Instead, they secure initial system access via conventional telephone communications. According to intelligence from Mandiant, an...
The post Architectural Deception: Voice-Driven Extortion Campaigns Target American Legal Institutions appeared first on Information Security News.
Architectural Blindness: EDRChoker Weaponizes Windows QoS to Isolate Endpoint Defense Agents
Endpoint Detection and Response (EDR) platforms face a subtle, perilous vulnerability. Consequently, defensive agents can become entirely blinded without undergoing a direct application hack. A novel open-source utility, designated as EDRChoker, proves this structural...
The post Architectural Blindness: EDRChoker Weaponizes Windows QoS to Isolate Endpoint Defense Agents appeared first on Information Security News.