A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads.

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of…

Continue ReadingA remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads.

Bypassing Cloudflare Zero Trust Secure Web Gateway Policies using warp-cli set-custom-endpoint command

It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to…

Continue ReadingBypassing Cloudflare Zero Trust Secure Web Gateway Policies using warp-cli set-custom-endpoint command

RansomEXX leaked a database of 52GB, which it claims to be stolen from Consorci Sanitari Integral, a Barcelona hospital system.

A ransomware gang says it published information including medical test results and identity cards stolen from a Barcelona hospital system that serves more than 1 million patients each year. More…

Continue ReadingRansomEXX leaked a database of 52GB, which it claims to be stolen from Consorci Sanitari Integral, a Barcelona hospital system.