Jedar for Digital Rights

July 25, 2024

Rising Threat: New Phishing Scam Targets German Customers Following Falcon Sensor Update

In a troubling escalation of digital threats, CrowdStrike, a prominent name in cybersecurity, has issued a critical alert about a newly identified phishing campaign that is specifically aiming its malicious tactics at German customers. This alarming development follows the recent controversy surrounding a Falcon Sensor update, providing a ripe opportunity for attackers to exploit the […]

Ongoing Cyberattack Exploits Exposed Selenium Grid Services for Crypto Mining

In an unsettling reminder of the evolving landscape of cybersecurity threats, researchers have uncovered a persistent assault targeting vulnerable Selenium Grid services that are publicly accessible over the internet. This operation, dubbed “SeleniumGreed” by cloud security firm Wiz, exploits outdated versions of the Selenium framework—specifically version 3.141.59 and earlier. Alarmingly, this situation has likely been […]

Urgent Security Alert: Critical Remote Code Execution Vulnerability in Telerik Report Server (CVE-2024-6327)

Progress Software has issued an urgent advisory, urging users of Telerik Report Server to take immediate action following the discovery of a severe security vulnerability that could potentially allow remote code execution (RCE). This vulnerability, identified as CVE-2024-6327, has been assigned a high CVSS score of 9.9, underscoring the significant impact it may have if […]

July 24, 2024

Critical Vulnerability Exposed: CVE-2024-24621 Enables Remote Root Access Bypass in Softaculous Webuzo

In a significant development for digital security, researchers have uncovered a severe vulnerability in Softaculous Webuzo, identified as CVE-2024-24621. This flaw permits remote attackers, even working anonymously, to bypass authentication via the system’s password reset function—potentially giving them complete control over a server as its root user. The ramifications of this security breach are extensive […]

Critical Vulnerability Alert: CVE-2024-24622 Exposes Softaculous Webuzo to Remote Code Execution Risks

In a concerning development published on July 25, 2024, the cybersecurity landscape has been rattled by the discovery of a serious vulnerability in Softaculous Webuzo, a popular web hosting management panel. This vulnerability, designated as CVE-2024-24622, has been assigned a high severity score of 8.8, signaling a considerable threat to systems utilizing this software.

Critical Command Injection Vulnerability Discovered in Softaculous Webuzo – What You Need to Know

CVE ID: CVE-2024-24623 Published: July 25, 2024, 10:15 p.m.

Significant Security Flaw Discovered in OpenObserve Observability Platform: A Call for Vigilance

In a troubling development for developers and organizations leveraging the OpenObserve open-source observability platform, a critical vulnerability (CVE-2024-41808) has surfaced, threatening user accounts and overall system integrity. This platform, engineered to bolster application tracking and log management, has exposed a significant security gap in its input filtering mechanism, raising urgent concerns for its user base.

Urgent Alert: Critical Command Injection Vulnerability Found in TOTOLINK A6000R Router

In the ever-evolving landscape of digital security, vulnerabilities can emerge unexpectedly, posing significant threats to users worldwide. One such vulnerability has recently been identified in the TOTOLINK A6000R router, earning the designation CVE-2024-41319. This critical flaw, reported on July 23, 2024, has a staggering severity rating of 9.8 out of 10, classifying it as a […]

Urgent Security Alert: CVE-2024-31970 Exposes AdTran SRG 834-5 Devices to Unauthorized Access

In the rapidly evolving landscape of digital security, understanding vulnerabilities is crucial for both personal and organizational safety. The latest security advisory, identified as CVE-2024-31970, has raised alarms concerning a significant vulnerability affecting AdTran SRG 834-5 devices, specifically those operating on SmartOS version 11.1.1.1. Immediate action is recommended to prevent escalation of this issue.

Critical Security Alert: CVE-2024-36541 Exposes AWS Logging-Operator to Privilege Escalation Risks

In a significant development for digital security enthusiasts and cloud technology users, a recently disclosed vulnerability, identified as CVE-2024-36541, has raised alarms for organizations utilizing AWS’s logging-operator v4.6.0. This high-severity flaw, first made public on July 24, 2024, carries a staggering severity score of 8.8 out of a potential 10, indicating its significant potential for […]