Cybersecurity specialists report the detection of a critical vulnerability in , an application written in Python for the prevention of intrusions in a given system. According to the report, this is a serious vulnerability that must be addressed immediately.

Tracked as CVE-2021–32749, the fault resides in the mail-whois send action and exists due to incorrect input validation. Remote threat actors might send specially crafted requests to the target system in order to execute remote code arbitrarily.

The vulnerability received a score of 8.5/10 according to the Common Vulnerability Scoring System (CVSS) scale and its exploitation would allow threat actors to…


Full user records of Guntrader.uk, a website for buying and selling rifles are available on the as a result of a security incident. The website administrators reported the incident to the Information Commissioner’s Office and the National Crime Agency.

In this regard, one of the affected users expressed his concern about the incident, as he fears that this could affect his family. It is worth mentioning that the possession of weapons is subject to strict control in the United Kingdom, so it is very difficult to acquire these items on the black market. …


announced the release of an emergency update in order to address some recently detected security flaws, including a couple errors that can be exploited remotely. Users need to upgrade to iOS 14.7 on their iPhone or iPad devices. Nonetheless, patches do not include a fix for a flaw that allows the installation of Pegasus spyware on Apple devices. The most recent reports indicate that threat actors abuse a zero-day vulnerability in the Apple iMessage feature in order to install the infamous spyware on the exposed devices.

This emergency update addresses a total of 40 flaws, of which 37 are iPhone-only…


A research team from ETH Zurich and Royal Holloway published a detailing the discovery of multiple vulnerabilities in the cryptographic protocol of , one of the most popular messaging platforms today. The experts completed this analysis using only open source tools and without attacking the application’s systems.

While these flaws do not pose a severe risk to Telegram’s millions of users, this is a sign that the system present on the messaging platform is not as secure as previously thought. …


Security teams at Schneider Electric announced the correction of multiple flaws in EVlink, its charging station system for electric vehicles. According to the report, successful exploitation of these flaws would allow threat actors to deploy denial of service attacks.

EVlink charging points are installed on private properties, public parking lots and some public roads. The flaws reside in three families of EVlink products: City, Parking and Smart Wallbox. The company addressed a total of 13 flaws, including three critical flaws, eight high-severity flaws, and two more considered medium-severity.

The issue is primarily related to three vulnerabilities that received a Common…


Google announced the release of a new update for the web browser. Version 91.0.4472.164 will be available for Windows, Mac and Linux systems and addresses seven severe flaws, including a zero-day vulnerability considered critical and that has already been exploited in the wild.

This flaw, tracked as CVE-2021–30563, was described as a type confusion issue affecting the JavaScript and WebAssembly V8 engine: “We are aware of the existence of a zero-day exploit for a severe vulnerability in the wild,” the company report says.

On this kind of errors, specialists mention that their exploitation could result in the abuse of multiple…


The security teams of the technology firm Palo Alto Networks announced the correction of a set of vulnerabilities in Prisma Cloud Compute, a solution for the protection of workloads in the cloud. The patches also address a flaw in the Windows agent for the Cortex XDR detection and response platform.

According to the report, the most severe flaw is a local privilege escalation error in Cortex XDR that received a score of 7.8/10 according to the Common Vulnerability Scoring System (CVSS). This flaw was tracked as CVE-2021–3042. …


announced its decision to fire 52 employees for using their privileged position on the platform to access users’ private data. Apparently, these individuals even tried to get the exact location of some women they were curious or attracted to. Using their access to large amounts of user data through Facebook’s internal systems, the fired engineers were able to view the women’s locations, their private messages, deleted photos and other records.

The report, published by The Telegraph, provides multiple details about the actions of these individuals. For example, one of them was on holiday in Europe with a woman with whom…


Cybersecurity specialists report the discovery of a critical vulnerability in Medisol, a medical services management system developed by the technology firm Codester. The flaw has yet to be addressed by the manufacturer, so a potential attack in the wild is feared.

According to the report, the security flaw exists due to the inappropriate user-supplied data debugging in the “Password” parameter. Remote threat actors can send specially crafted requests to the affected application aiming to run arbitrary SQL commands within the target application database. The flaw has not yet received a CVE tracking key.

The vulnerability received a Common Vulnerability Scoring…


A recent security report states that it is possible to hijack sessions on Google Compute Engine virtual machines to gain root access through a DHCP attack. While deploying this attack is impractical, an attempt can be highly functional.

The report, published on GitHub, mentions that a threat actor could allow threat actors to take control of virtual machines because these deployments rely on ISC DHCP software, which employs a very weak random number generator. A successful attack clutters these virtual machines with DHCP traffic, forcing the use of a fake metadata server controlled by an attacker.

If the attack is…

Eli Cyber Security

Knowledge belongs to the world

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store