ZDI-22-1591: Parse Server buildUpdatedObject Prototype Pollution Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parse Server. Authentication is required to exploit this vulnerability.
ZDI-22-1592: Parse Server _expandResultOnKeyPath Prototype Pollution Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parse Server. Authentication is required to exploit this vulnerability.
Somnia Ransomware Targets Ukraine
FortiGuard Labs is aware of a report that a new ransomware "Somnia" was observed in attacks against Ukraine. Somnia ransomware was deployed as a final...
Emotet Distributed Through U.S. Election Themed Link Files
FortiGuard Labs has discovered that Emotet was recently delivered through an archive file that has a file name targeting those interested in the U.S. midterm...
USN-5722-1: nginx vulnerabilities
It was discovered that nginx incorrectly handled certain memory operations in the ngx_http_mp4_module module. A local attacker could possibly use this issue with a specially...
python3.7-3.7.15-2.fc35
FEDORA-2022-760d1eac9b Packages in this update: python3.7-3.7.15-2.fc35 Update description: Security fix for CVE-2022-37454
The Medibank Data Breach – Steps You Can Take to Protect Yourself
Hackers have posted another batch of stolen health records on the dark web—following a breach that could potentially affect nearly 8 million Australian Medibank customers,...
DSA-5281 nginx – security update
It was discovered that parsing errors in the mp4 module of Nginx, a high-performance web and reverse proxy server, could result in denial of service,...
DSA-5280 grub2 – security update
Several issues were found in GRUB2's font handling code, which could result in crashes and potentially execution of arbitrary code. These could lead to by-pass...
DSA-5279 wordpress – security update
Several vulnerabilities were discovered in WordPress, a web blogging tool. They allowed remote attackers to perform SQL injection, create open redirects, bypass authorization access, or...