Atlassian patches critical RCE flaws across multiple products
System administrators should prioritize applying the available updates
Read More...
Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws
Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software.
Read More...
VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks
Cloud Director is a VMware platform that enables admins to manage data centers spread across multiple locations as Virtual Data Centers
Read More...
Google Chrome emergency update fixes 5th zero-day exploited in 2023
Google says that access to the zero-day's details might remain restricted until most users have updated their browser
Read More...
Hackers start exploiting critical ownCloud flaw, patch now
In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key
Read More...
VMware discloses critical VCD Appliance auth bypass
While VMware doesn't have a patch for this critical authentication bypass, the company provided admins with a temporary workaround until security updates are released
Read More...
Critical Azure CLI flaw found that leaked credentials in logs
They found that successful exploitation enables unauthenticated attackers to remotely access plain text contents written by Azure CLI to Continuous Integration and Continuous Deployment (CI/CD) logs
Read More...
Critical Flaws Discovered in Veeam ONE IT Monitoring Software – Patch Now
Over the past few months, critical flaws in the Veeam backup software have been exploited by multiple threat actors, including FIN7 and BlackCat ransomware, to distribute malware
Read More...
QNAP warns of critical command injection flaws in QTS OS, apps
QNAP users are advised to apply the available security updates as soon as possible
Read More...
New Microsoft Exchange zero-days allow RCE, data theft attacks
All these vulnerabilities require authentication for exploitation, which reduces their severity CVSS rating to between 7.1 and 7.5
Read More...