1. Executive Summary CVE-2024-38094 is a Microsoft SharePoint Server remote code execution (RCE) vulnerability rooted in unsafe deserialisation (CWE-502) and scored 7.2 (High) under CVSS v3.1 by Microsoft. (NVD) It…
1. Executive Summary In October 2024, the Internet Archive (IA) faced a compound cyber incident combining service-disrupting DDoS activity with a major compromise of user authentication data (31 million records)…
1. Executive Summary CVE-2024-11120 is a critical OS command injection vulnerability affecting certain end-of-life (EOL) GeoVision video server/DVR and licence-plate-recognition device lines, enabling unauthenticated remote attackers to execute arbitrary system…
1. Executive Summary In a financially motivated campaign attributed to the Lazarus Group’s BlueNoroff ecosystem, attackers weaponised a Google Chrome zero-day in the V8 JavaScript engine to compromise victims who…
1. Executive Summary CVE-2024-47575 is a critical “missing authentication for a critical function” vulnerability (CWE-306) in Fortinet FortiManager and FortiManager Cloud that can enable unauthenticated remote attackers to execute arbitrary…