August 2024 – Page 4 – TheCyberThrone

Spring Security fixes CVE-2024-38810

A high-severity flaw has been discovered in Spring Security, potentially allowing unauthorized access to sensitive data within affected applications. Spring Security’s powerful method security features allow developers to control access…

PravinKarthik August 22, 2024

Atlassian fixes CVE-2024-21689 vulnerability in Bamboo

Atlassian has issued a patch for a high severity vulnerability in its Bamboo Data Center and Server products, which is a Remote Code Execution. The vulnerability tracked as CVE-2024-21689 with…

PravinKarthik August 21, 2024

Toyota suffers a major databreach with 240GB of data leaked

Toyota has suffered a data breach in which a massive 240GB trove of sensitive information was stolen and leaked, exposing data on employees, customers, financial records, and network infrastructure The…

PravinKarthik August 21, 2024

Microsoft Flaw CVE-2024-38193 exploited by Lazarus Group

During this month patch Tuesday, microsoft addressed nearly 90 flaws, some of which have already been exploited by hackers. One specific vulnerability, CVE-2024-38193 with a CVSS score of 7.8, is…

PravinKarthik August 20, 2024

F5 fixes NGINX and BIG-IP Vulnerabilities

F5 has recently released security advisories addressing vulnerabilities in its products. These vulnerabilities, if exploited, could lead to denial-of-service (DoS) attacks and unauthorized access, disruptions and data breaches NGINX Plus…

PravinKarthik August 20, 2024

CISA adds Jenkins bug CVE-2024-23897 to its KEV Catalog

The U.S. CISA added a Jenkins Command Line Interface (CLI) Path Traversal vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Jenkins has addressed the vulnerability tracked as CVE-2024-23897, with a…

PravinKarthik August 20, 2024

PoC for IvantiTM vulnerability CVE-2024-7593 released

To limit the exploitability of this vulnerability, Ivanti recommends limiting Admin Access to the Management Interface internal to the network through the private / corporate network. The researchers at Shadowserver…

PravinKarthik August 19, 2024

7 year old bug hauts Google Pixel devices

Researchers have discovered a critical vulnerability that has been surfaced within Pixel devices since 2017, potentially putting millions of Google Pixel users at risk. The vulnerability stems within the pre-installed…

PravinKarthik August 18, 2024