VMware has disclosed a critical authentication bypass vulnerability in its Cloud Director Appliance, allowing malicious actors to bypass login restrictions on certain ports.
Over 1,000 unique secrets, including AWS Keys and Google API keys, have been added to PyPI, posing a serious cybersecurity threat.
Microsoft’s November 2023 update includes patches for 58 vulnerabilities, including actively exploited flaws and publicly disclosed zero-day bugs.
Malicious actors exploit the trust associated with Dependabot, highlighting vulnerabilities in CI/CD pipelines and the need for developers to implement robust security measures.
A Vietnamese threat group known for the Ducktail stealer malware conducted a campaign targeting marketing professionals in India, hijacking Facebook business accounts through malicious content spread via sponsored ads.
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned federal agencies about the urgent need to secure Juniper devices against a pre-auth remote code execution (RCE) exploit chain, as vulnerabilities are actively being exploited and pose a significant threat to the security of organizations.
