CSOonline

Attackers exploit zero-day RCE flaw in Cleo managed file transfer

The exploit takes advantage of a known file upload vulnerability that was not efficiently patched and can still be exploited in up-to-date versions of Cleo LexiCom, VLTrader and Harmony products.
Bleeping Computer

Hackers exploit ProjectSend flaw to backdoor exposed servers

Threat actors are using public exploits for a critical authentication bypass flaw in ProjectSend to upload webshells and gain remote access to servers. The flaw, tracked as CVE-2024-11680, is a ...
Threat Post

Apache Tomcat Exploit Poised to Pounce, Stealing Files

Researchers said that a working exploit for CVE-2020-1938 leaked on GitHub makes is a snap to compromise webservers. A vulnerability in the popular Apache Tomcat web server is ripe for active attack, ...
Ars Technica

Hackers try to exploit WordPress plugin vulnerability that’s as severe as it gets

Hackers are assailing websites using a prominent WordPress plugin with millions of attempts to exploit a high-severity vulnerability that allows complete takeover, researchers said. The vulnerability ...
Bleeping Computer

Hackers target WordPress calendar plugin used by 150,000 sites

Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute ...