Japan’s CERT warned that the WordPress plugin Forminator, developed by WPMU DEV, is affected by multiple vulnerabilities, including a flaw that allows unrestricted file uploads to the server.

A local, authenticated attacker can exploit the vulnerability, tracked as CVE-2024-20295, to conduct command injection attacks on the underlying operating system and elevate privileges to root.

Czech transport minister Martin Kupka confirmed that Russia-linked threat actors conducted “thousands of attempts to weaken our systems” since the beginning of the Russian invasion of Ukraine.

Researchers at watchTowr Labs have released a technical analysis of the vulnerability CVE-2024-3400 in Palo Alto Networks’ PAN-OS and a proof-of-concept exploit that can be used to execute shell commands on vulnerable firewalls.

Amidst rising tensions with China in the South China Sea, Resecurity has observed a significant spike in malicious cyber activity targeting the Philippines in Q1 2024, increasing nearly 325% compared to the same period last year.

The attack chain sees hackers targeting a list of sensor gateways IPs. Threat actors distributed their malware to each target, likely either through remote-access protocols such as SSH or the sensor protocol (SBK) over port 4321.

According to BOD 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Microsoft addressed two zero-day vulnerabilities, tracked as CVE-2024-29988 and CVE-2024-26234, that threat actors are exploiting to deliver malware payloads on vulnerable systems.

Palo Alto Networks released security updates to address several high-severity vulnerabilities in its PAN-OS operating system, including CVE-2024-3385, CVE-2024-3384, CVE-2024-3382.

Fortinet fixed a dozen vulnerabilities in multiple products, including a critical-severity remote code execution (RCE) issue, tracked as CVE-2023-45590 (CVSS score of 9.4), in FortiClientLinux.