Vulnerabilities in IT environments appear in different forms. The most common ones are likely software vulnerabilities that have not been patched. Then there are weak passwords, misconfigurations or network switches that have been EOL for five years. However, another type of security gap sometimes causes significant confusion during the scans: hardware vulnerabilities. We have become […]
https://www.greenbone.net/wp-content/uploads/greenbone-logo-2025.png00Dirk Boeinghttps://www.greenbone.net/wp-content/uploads/greenbone-logo-2025.pngDirk Boeing2025-04-02 12:00:332025-10-01 13:52:59The CPU as a Weakness: how to Manage Hardware Risks with Confidence
CVE-2024-4577 (CVSS 9.8 Critical) is currently climbing the winners’ podium of the most malicious security vulnerabilities. Disclosed in early June 2024 by Devcore security researchers, weaponization began within a mere 48 hours. It is a PHP-CGI OS Command Injection vulnerability [CWE-78] impacting PHP for Windows. Attacks distributing “TellYouThePass” ransomware were immediately observed and the CVE […]
https://www.greenbone.net/wp-content/uploads/greenbone-logo-2025.png00Joseph Leehttps://www.greenbone.net/wp-content/uploads/greenbone-logo-2025.pngJoseph Lee2025-03-26 13:48:592025-10-02 11:28:03Escalating Attacks Targeting CVE-2024-4577 in PHP-CGI for Windows
Two new CVEs in Apache Camel have been disclosed warranting immediate attention from users. On March 9, 2025, Apache disclosed CVE-2025-27636 (CVSS 5.6), a Remote Code Execution (RCE) flaw. Two days later, on March 11th, Akamai’s Security Intelligence Group (SIG) reported a bypass technique for the original patch, resulting in CVE-2025-29891 (CVSS 4.2) being published […]
The CPU as a Weakness: how to Manage Hardware Risks with Confidence
BlogVulnerabilities in IT environments appear in different forms. The most common ones are likely software vulnerabilities that have not been patched. Then there are weak passwords, misconfigurations or network switches that have been EOL for five years. However, another type of security gap sometimes causes significant confusion during the scans: hardware vulnerabilities. We have become […]
Escalating Attacks Targeting CVE-2024-4577 in PHP-CGI for Windows
BlogCVE-2024-4577 (CVSS 9.8 Critical) is currently climbing the winners’ podium of the most malicious security vulnerabilities. Disclosed in early June 2024 by Devcore security researchers, weaponization began within a mere 48 hours. It is a PHP-CGI OS Command Injection vulnerability [CWE-78] impacting PHP for Windows. Attacks distributing “TellYouThePass” ransomware were immediately observed and the CVE […]
Apache Camel Case-Sensitive Flaw May Forfeit Remote Command Execution
BlogTwo new CVEs in Apache Camel have been disclosed warranting immediate attention from users. On March 9, 2025, Apache disclosed CVE-2025-27636 (CVSS 5.6), a Remote Code Execution (RCE) flaw. Two days later, on March 11th, Akamai’s Security Intelligence Group (SIG) reported a bypass technique for the original patch, resulting in CVE-2025-29891 (CVSS 4.2) being published […]