Mise à jour de la base de données, veuillez patienter...

Researchers have disclosed details of two critical security vulnerabilities in Control Web Panel that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution on affected servers. Tracked as CVE-2021-45467, the issue concerns a case of a file inclusion vulnerability, which occurs when a web application is tricked into exposing or running arbitrary files on

A previously undocumented firmware implant deployed to maintain stealthy persistence as part of a targeted espionage campaign has been linked to the Chinese-speaking Winnti advanced persistent threat group (APT41). Kaspersky, which codenamed the rootkit MoonBounce, characterized the malware as the "most advanced UEFI firmware implant discovered in the wild to date," adding "the purpose of the

The U.S. Treasury Department on Thursday announced sanctions against four current and former Ukrainian government officials for engaging in "Russian government-directed influence activities" in the country, including gathering sensitive information about its critical infrastructure. The agency said the four individuals were involved in different roles as part of a concerted influence campaign to

Cisco Systems has rolled out fixes for a critical security flaw affecting Redundancy Configuration Manager (RCM) for Cisco StarOS Software that could be weaponized by an unauthenticated, remote attacker to execute arbitrary code and take over vulnerable machines. Tracked as CVE-2022-20649 (CVSS score: 9.0), the vulnerability stems from the fact that the debug mode has been incorrectly enabled

An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could be exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory. Natalie Silvanovich of Google Project Zero, who discovered and reported the two flaws last year, said the issues impact both