An attacker could have planted a malicious configuration to execute commands outside the sandbox.
The post Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks appeared first on SecurityWeek.
EnOcean SmartServer Flaws Expose Buildings to Remote Hacking
Claroty researchers discovered two vulnerabilities that can be exploited for security bypass and remote code execution.
The post EnOcean SmartServer Flaws Expose Buildings to Remote Hacking appeared first on SecurityWeek.
Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months
The authentication bypass flaw allows attackers to gain administrative access to vulnerable servers.
The post Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months appeared first on SecurityWeek.
‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover
Affecting the kernel’s authencesn cryptographic template, the vulnerability was introduced in 2017 and impacts all distributions.
The post ‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover appeared first on SecurityWeek.
Sandhills Medical Says Ransomware Breach Affects 170,000
It took the healthcare organization nearly one year to publicly disclose a data breach after it was targeted by Inc Ransom.
The post Sandhills Medical Says Ransomware Breach Affects 170,000 appeared first on SecurityWeek.
Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure
The vulnerability allows attackers to read data from a LiteLLM proxy’s database and potentially modify it.
The post Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure appeared first on SecurityWeek.
Hundreds of Internet-Facing VNC Servers Expose ICS/OT
Forescout has identified tens of thousands of exposed RDP and VNC servers that can be mapped to specific industries.
The post Hundreds of Internet-Facing VNC Servers Expose ICS/OT appeared first on SecurityWeek.
Checkmarx Confirms Data Stolen in Supply Chain Attack
The hackers exfiltrated the data from Checkmarx’s GitHub environment on March 30, a week after publishing malicious code.
The post Checkmarx Confirms Data Stolen in Supply Chain Attack appeared first on SecurityWeek.
Iranian Cyber Group Handala Targets US Troops in Bahrain
US service members received WhatsApp messages claiming they would be targeted with drones and missiles.
The post Iranian Cyber Group Handala Targets US Troops in Bahrain appeared first on SecurityWeek.
38 Vulnerabilities Found in OpenEMR Medical Software
Some of the vulnerabilities discovered by Aisle can be exploited to access and alter sensitive patient information.
The post 38 Vulnerabilities Found in OpenEMR Medical Software appeared first on SecurityWeek.
