Dell Compellent hardcoded key exposes VMware vCenter admin creds
This AES encryption key is used to encrypt the CITV configuration file containing the program's settings, including the entered vCenter admin credentials
Read More...
Malicious extensions can abuse VS Code flaw to steal auth tokens
Any extension running in VS Code, even malicious ones, can gain access to the Secret Storage and abuse Keytar to retrieve any stored tokens
Read More...
Microsoft August 2023 Patch Tuesday warns of 2 zero-days, 87 flaws
This month's Patch Tuesday fixes two zero-day vulnerabilities, with both exploited in attacks and one of them publicly disclosed
Read More...
New PaperCut critical bug exposes unpatched servers to RCE attacks
PaperCut recently fixed a critical security vulnerability in its NG/MF print management software that allows unauthenticated attackers to gain remote code execution on unpatched Windows servers
Read More...
Atlassian Releases Patches for Critical Flaws in Confluence and Bamboo
If successfully exploited, could result in remote code execution on susceptible systems
Read More...
VMware fixes bug exposing CF API admin credentials in audit logs
Threat actors who exploit this vulnerability can use the stolen credentials to push malicious app versions
Read More...
Apple fixes new zero-day used in attacks against iPhones, Macs
Attackers could exploit it on unpatched devices to modify sensitive kernel states
Read More...
Ivanti patches MobileIron zero-day bug exploited in attacks
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication
Read More...
Adobe fixes patch bypass for exploited ColdFusion CVE-2023-29298 flaw
While CVE-2023-38204 is the most critical flaw patched today, as its a remote code execution bug, it was not exploited in the wild
Read More...
New critical Citrix ADC and Gateway flaw exploited as zero-days
Exploits of CVE-2023-3519 on unmitigated appliances have been observed - customers urged to update vulnerable instances
Read More...