The vulnerabilities added include CVE-2024-23692 affecting Rejetto HTTP File Server, CVE-2024-38080 impacting Windows Hyper-V, and CVE-2024-38112 targeting Windows MSHTML Platform.
The Senate Armed Services Committee presented the NDAA for fiscal year 2025, totaling $923.3 billion for defense funding. This includes $878.4 billion for the Pentagon and $33.4 billion for national security programs under the Department of Energy.
As part of Microsoft’s July 2024 Patch Tuesday, 142 flaws were addressed, including two zero-days actively exploited and two publicly disclosed. Five critical vulnerabilities were fixed, all related to remote code execution.
A Yemeni hacking group associated with the Houthi movement has been spying on military personnel in the Middle East by infecting their phones with surveillance software, according to cybersecurity firm Lookout.
Cybersecurity agencies from Australia, Canada, Germany, Japan, New Zealand, South Korea, the UK, and the US have warned about APT40, a China-linked cyber espionage group known for quickly exploiting new security bugs after public disclosure.
This vulnerability affects Ghostscript versions ? 10.03.0 and can have a significant impact on web applications and services using Ghostscript for document conversion and previews.
The scammers identify previous scam victims and pose as trusted entities such as government agencies, cybersecurity firms, or fund recovery services, asking for upfront fees or personal information to supposedly help with the recovery process.
This vulnerability, tracked as CVE-2024-39884 and caused by a regression, can lead to unintentional exposure of sensitive data when legacy content-type configurations are used.
A new variant of Mallox ransomware has been discovered by cybersecurity researchers at Uptycs, targeting Linux systems with custom encryption and a builder web panel. A custom Python script called web_server.py is used to deliver the ransomware.
Splunk has released a set of security updates to address 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including high-severity issues. CVE-2024-36985 allows remote code execution via External Lookup in Splunk Enterprise.