This critical privilege escalation flaw affects Confluence Data Center and Server 8.0.0 and later and is remotely exploitable in low-complexity attacks that don't require user interaction
Read More...
The security update further resolves a severe privilege escalation bug in Windows IIS Server (CVE-2023-36434, CVSS score: 9.8) that could permit an attacker to impersonate and login as another user via a brute-force attack
Read More...
The flaw is a critical unauthenticated remote code execution bug discovered as a zero-day in July that impacts Citrix NetScaler ADC and NetScaler Gateway
Read More...
Customers using vulnerable Confluence Data Center and Server versions are advised to upgrade their instances as soon as possible to one of the fixed versions
Read More...
An attacker could exploit this vulnerability by using the account to log in to an affected system
Read More...
The zero-day (CVE-2023-42824) is caused by a weakness discovered in the XNU kernel that enables local attackers to escalate privileges on unpatched iPhones and iPads
Read More...
The attacks Microsoft observed start with exploiting an SQL injection vulnerability in an application in the target's environment
Read More...
An attacker can setup a custom domain with Cloudflare and point the DNS A record to victims IP address
Read More...
Since the start of the campaign, the attackers have uploaded 45 packages on npm (40) and PyPI (5), with variants in the code indicating a rapid evolution in the attack
Read More...
The vulnerability has been addressed in GitLab versions 16.3.4 and 16.2.7.
Read More...