-
New Fortinet RCE flaw in SSL VPN likely exploited in attacks
Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks.
- February 08, 2024
- 06:11 PM
1
-
Newest Ivanti SSRF zero-day now under mass exploitation
An Ivanti Connect Secure and Ivanti Policy Secure server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893 is currently under mass exploitation by multiple attackers.
- February 05, 2024
- 10:55 AM
1
-
Sponsored Content
Free shadow SaaS inventory + security insightsDiscover all SaaS accounts ever created by anyone in your org, in minutes, along with insights on security risks and spend. Save time, money and effort by curbing SaaS sprawl and automating tasks like offboarding and user access reviews. Free trial.
-
CISA warns of patched iPhone kernel bug now exploited in attacks
CISA warned today that a patched kernel security flaw affecting Apple iPhones, Macs, TVs, and watches is now being actively exploited in attacks.
- January 31, 2024
- 02:02 PM
- 0
-
Exploits released for critical Jenkins RCE flaw, patch now
Multiple proof-of-concept (PoC) exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to read arbitrary files have been made publicly available, with some researchers reporting attackers actively exploiting the flaws in attacks.
- January 28, 2024
- 10:17 AM
- 0
-
Hackers target WordPress database plugin active on 1 million sites
Malicious activity targeting a critical severity flaw in the 'Better Search Replace' WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours.
- January 25, 2024
- 09:15 AM
- 2
-
Apple fixes first zero-day bug exploited in attacks this year
Apple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs.
- January 22, 2024
- 02:20 PM
- 0
-
Hackers start exploiting critical Atlassian Confluence RCE flaw
Security researchers are observing exploitation attempts for the CVE-2023-22527 remote code execution flaw vulnerability that affects outdated versions of Atlassian Confluence servers.
- January 22, 2024
- 08:41 AM
- 0
-
CISA emergency directive: Mitigate Ivanti zero-days immediately
CISA issued this year's first emergency directive ordering Federal Civilian Executive Branch (FCEB) agencies to immediately mitigate two Ivanti Connect Secure and Ivanti Policy Secure zero-day flaws in response to widespread and active exploitation by multiple threat actors.
- January 19, 2024
- 02:25 PM
- 0
-
VMware confirms critical vCenter flaw now exploited in attacks
VMware has confirmed that a critical vCenter Server remote code execution vulnerability patched in October is now under active exploitation.
- January 19, 2024
- 08:22 AM
- 0
-
CISA: Critical Ivanti auth bypass bug now actively exploited
CISA warns that a critical authentication bypass vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) and MobileIron Core device management software (patched in August 2023) is now under active exploitation.
- January 18, 2024
- 03:51 PM
- 0
-
Citrix warns of new Netscaler zero-days exploited in attacks
Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day vulnerabilities.
- January 16, 2024
- 03:33 PM
- 0
-
Google fixes first actively exploited Chrome zero-day of 2024
Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of the year.
- January 16, 2024
- 02:13 PM
- 1
-
Ivanti Connect Secure zero-days now under mass exploitation
Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control (NAC) appliances are now under mass exploitation.
- January 15, 2024
- 08:05 PM
- 0
-
Ivanti Connect Secure zero-days exploited to deploy custom malware
Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes.
- January 12, 2024
- 10:30 AM
- 0
-
CISA warns agencies of fourth flaw used in Triangulation spyware attacks
The U.S. Cybersecurity and Infrastructure Security Agency has added to its to the Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Adobe, Apache, D-Link, and Joomla.
- January 09, 2024
- 02:32 PM
- 0
-
Hackers target Apache RocketMQ servers vulnerable to RCE attacks
Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582.
- January 05, 2024
- 12:32 PM
- 0
-
CISA warns of actively exploited bugs in Chrome and Excel parsing library
The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to the Known Exploited Vulnerabilities catalog, a recently patched flaw in Google Chrome and a bug affecting an open-source Perl library for reading information in an Excel file called Spreadsheet::ParseExcel.
- January 03, 2024
- 07:55 AM
- 0
-
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers
A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept (PoC) exploits.
- December 28, 2023
- 11:20 AM
- 0
-
QNAP VioStor NVR vulnerability actively exploited by malware botnet
A Mirai-based botnet named 'InfectedSlurs' is exploiting a remote code execution (RCE) vulnerability in QNAP VioStor NVR (Network Video Recorder) devices to hijack and make them part of its DDoS (distributed denial of service) swarm.
- December 16, 2023
- 11:17 AM
- 0
-
Hackers are exploiting critical Apache Struts flaw using public PoC
Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code.
- December 13, 2023
- 11:19 AM
- 1
