VMware fixes bug exposing CF API admin credentials in audit logs
Threat actors who exploit this vulnerability can use the stolen credentials to push malicious app versions
Read More...
Apple fixes new zero-day used in attacks against iPhones, Macs
Attackers could exploit it on unpatched devices to modify sensitive kernel states
Read More...
Ivanti patches MobileIron zero-day bug exploited in attacks
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication
Read More...
Adobe fixes patch bypass for exploited ColdFusion CVE-2023-29298 flaw
While CVE-2023-38204 is the most critical flaw patched today, as its a remote code execution bug, it was not exploited in the wild
Read More...
New critical Citrix ADC and Gateway flaw exploited as zero-days
Exploits of CVE-2023-3519 on unmitigated appliances have been observed - customers urged to update vulnerable instances
Read More...
Fortinet warns of critical RCE flaw in FortiOS, FortiProxy devices
The Fortinet advisory has clarified that FortiOS products from the 6.0, 6.2, 6.4, 2.x, and 1.x release branches are not impacted by CVE-2023-33308
Read More...
SonicWall warns admins to patch critical auth bypass bugs immediately
Successful exploitation enables unauthorized access to data that would typically be inaccessible to an attacker
Read More...
Microsoft Releases Patches for 132 Vulnerabilities, Including 6 Under Active Attack
Without a patch for CVE-2023-36884, the company urges users to use the "Block all Office applications from creating child processes" attack surface reduction (ASR) rule
Read More...
VMware warns of exploit available for critical vRealize RCE bug
Successful exploitation enables threat actors to run arbitrary code as root following low-complexity attacks that don't require user interaction
Read More...
CISA: Netwrix Auditor RCE bug exploited in Truebot malware attacks
The bug (tracked as CVE-2022-31199) impacts the Netwrix Auditor server and the agents installed on monitored network systems and enables unauthorized attackers to execute malicious code with the SYSTEM user's privileges
Read More...