2024 – Page 8 – TheCyberThrone

CISA KEV Catalog Update Part IV – December 2024

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20767 The vulnerability withca CVSS score of 8.2. This vulnerability arises from improper…

PravinKarthik December 17, 2024

Dell fixes CVE-2024-37143 and CVE-2024-38144 vulnerabilities

Dell has recently released security updates to address multiple vulnerabilities affecting several of its enterprise products, including PowerFlex, InsightIQ, and Data Lakehouse. The vulnerabilities, identified as CVE-2024-37143 with a CVSS…

PravinKarthik December 16, 2024

Exploit Code released for Spring Framework CVE-2024-38819

Security researcher Anzai from Aeye Security Lab has brought significant attention to a critical vulnerability known as CVE-2024-38819 by publishing a proof-of-concept (PoC) exploit on GitHub. This vulnerability poses a…

PravinKarthik December 16, 2024

Fortinet Acquires Perception Point

Fortinet has made an acquisition of Perception Point, an Israeli cybersecurity company renowned for its advanced email and collaboration security solutions. The acquisition, valued at approximately $200 million, is poised…

PravinKarthik December 15, 2024

Indian users are targeted by Banking Trojan

McAfee Labs has recently uncovered a sophisticated Android banking trojan named Android/Banker, specifically targeting Indian users. This malicious software exploits the widespread use of utility and banking apps in India…

PravinKarthik December 15, 2024

Supply Chain Attack in NPM Steals Credentials

The MUT-1244 threat actor has been identified as the group behind the sophisticated supply-chain attack targeting the @0xengine/xmlrpc package. This group has been active for over a year, using multiple…

PravinKarthik December 14, 2024

CISA adds Cleo Vulnerability CVE-2024-50623 to KEV Catalog

The US CISA adds Cleo vulnerability to its Known Exploited Vulnerabilities Catalog based on the evidence of active exploitation reported. Security vendor Huntress was the first to publicize the attacks,…

PravinKarthik December 14, 2024