A flaw rated “critical” in Nvidia server tools could potentially allow attackers to compromise AI servers.Researchers with Wiz identified the flaw last year, which could allow an attacker to escape a container and execute high level commands or view data from other containers on the host machine.Administrators are being advised to update their Nvidia Container … Read more
An unpatched vulnerability in the Ivanti Connect Secure VPN has been under active attack. Researchers with Google’s Mandiant Cloud security team said that one or more threat actors are currently exploiting CVE-2025-0282 for remote takeover attacks on targeted networks. The flaw, originally exploited as a zero-day vulnerability, has since been given an emergency patch and … Read more
Dec 27, 2024Ravie LakshmananVulnerability / Software Security The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions. Tracked as CVE-2024-52046, the vulnerability carries a CVSS score of 10.0. It affects versions 2.0.X, 2.1.X, and … Read more
Security researchers have identified a vulnerability in AMD processors that they have dubbed badRAM and which could allow threat actors with physical access to cloud computing environments to bypass encryption protections, reports The Record, a news site by cybersecurity firm Recorded Future. The flaw circumvents AMD’s Secure Encrypted Virtualization, which encrypts virtual machine memory to … Read more
Nov 27, 2024Ravie LakshmananVulnerability / Software Security A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023 , was not officially made available until … Read more
