CSO Online

Critical jsPDF vulnerability enables arbitrary file read in Node.js deployments

The path traversal bug allows attackers to include arbitrary filesystem content in generated PDFs when file paths are not ...
Infosecurity-magazine.com

Learning from File Transfer Software Vendors’ Vulnerability Response

The zero-day exploitation of Progress Software’s MOVEit Transfer solution has dominated news headlines since May 2023, with the vulnerability affecting organizations around the globe. Major UK ...
WeLiveSecurity

Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability

ESET Research discovered a zero-day vulnerability in WinRAR being exploited in the wild in the guise of job application documents; the weaponized archives exploited a path traversal flaw to compromise ...
Ars Technica

WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April

A newly discovered zero-day in the widely used WinRAR file-compression program has been exploited for four months by unknown attackers who are using it to install malware when targets open ...
TechRepublic

Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’

Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ Your email has been sent Microsoft has detected a zero-day vulnerability in the Windows Common ...