Security – Page 86 – TheCyberThrone

CVE-2024-12987 affecting DrayTek Routers

CVE-2024-12987 is a critical security vulnerability identified in the DrayTek Vigor2960 and Vigor300B routers, specifically affecting firmware version 1.5.1.4. This vulnerability resides within the Web Management Interface, in the file…

PravinKarthik January 1, 2025

CVE-2024-21182: Oracle WebLogic Server Flaw Exploit Code Released

CVE-2024-21182 is a high-severity vulnerability identified in Oracle WebLogic Server. This security flaw affects specific versions of the software, namely Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0. The vulnerability allows remote…

PravinKarthik December 31, 2024

CISA adds PaloAlto CVE-2024-3393 to its KEV Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) recently added CVE-2024-3393 to its Known Exploited Vulnerabilities (KEV) Catalog. This vulnerability affects Palo Alto Networks' PAN-OS software and involves a malformed DNS…

PravinKarthik December 31, 2024

CVE-2024-56512 impacts Apache NiFi

CVE-2024-56512 is a security vulnerability identified in Apache NiFi, specifically affecting versions 1.10.0 through 2.0.0. This vulnerability is due to missing fine-grained authorization checks when creating new Process Groups. Nature…

PravinKarthik December 30, 2024

Exploit Code released for Apache Traffic Control Flaw CVE-2024-45387

What is CVE-2024-45387? CVE-2024-45387 is a critical vulnerability identified in Apache Traffic Control, specifically affecting the Traffic Ops module in versions 8.0.0 to 8.0.1. The nature of this vulnerability is…

PravinKarthik December 30, 2024

Demystifying Cybersecurity Trends for 2025

As we move into 2025, the cybersecurity landscape continues to evolve rapidly, driven by technological advancements and the ever-growing sophistication of cyber threats. Organizations must stay ahead of these changes…

PravinKarthik December 29, 2024

OtterCookie Malware indulged in a sophisticated campaign

Background: OtterCookie is a sophisticated malware strain that has emerged as a significant threat to software developers. This malicious campaign, known as the "Contagious Interview," has been active since December…

PravinKarthik December 29, 2024

Exploit code released for Microsoft CVE-2024-30085

CVE-2024-30085 is a high-severity vulnerability identified in the Windows Cloud Files Mini Filter Driver (cldflt.sys). This vulnerability arises from a heap-based buffer overflow issue, which can be exploited by local…

PravinKarthik December 28, 2024