The Information Highway

The Information Highway

CrushFTP warns users to patch exploited zero-day “immediately”

CrushFTP_headpic

CrushFTP warned customers today in a private memo of an actively exploited zero-day vulnerability fixed in new versions released today, urging them to patch their servers immediately.

Continue reading
  625 Hits

New Fortinet RCE bug is actively exploited, CISA confirms

Fortinet2

CISA confirmed today that attackers are actively exploiting a critical remote code execution (RCE) bug patched by Fortinet on Thursday.


Continue reading
  1174 Hits

Exploit for CrushFTP RCE chain released, patch now

hacker-looking-at-screens

A proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated attackers to access files on the server, execute code, and obtain plain-text passwords. 

Continue reading
  848 Hits

Fortinet warns of critical command injection bug in FortiSIEM

Fortinet

Fortinet is alerting customers of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through specially crafted API requests. 

Continue reading
  931 Hits

WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks

WordPress-headpic

The WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site's database. 

Continue reading
  875 Hits

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023