Microsoft March 2023 Patch Tuesday fixes 2 zero-days, 83 flaws
Nine vulnerabilities have been classified as 'Critical' for allowing remote code execution, denial of service, or elevation of privileges attacks
Read More...
Fortinet fixes critical RCE flaws in FortiNAC and FortiWeb
Fortinet has released security updates for its FortiNAC and FortiWeb products, addressing two critical-severity vulnerabilities that may allow unauthenticated attackers to perform arbitrary code or command execution
Read More...
ESXiArgs ransomware attack targets VMware ESXi servers worldwide
Attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware
Read More...
CISA Alert: Veeam Backup and Replication Vulnerabilities Being Exploited in Attacks
The currently-patched critical flaws, tracked as CVE-2022-26500 and CVE-2022-26501, are rated 9.8 on the CVSS scoring system
Read More...
New Actively Exploited Zero-Day Vulnerability Discovered in Apple Products
Apple rolled out security updates to iOS, iPadOS, macOS, tvOS, and Safari web browsers to address a new zero-day vulnerability that results in remote code execution
Read More...
Fortinet says the SSL-VPN pre-auth RCE bug is exploited in attacks
Fortinet urges customers to patch their appliances against an actively exploited FortiOS SSL-VPN vulnerability that could allow unauthenticated remote code execution on devices
Read More...
Experts created a technique to bypass web application firewalls (WAF) of several major vendors
Researchers have verified that the bypass attack technique has worked against firewalls from multiple vendors, including Cloudflare, F5, Imperva, and Palo Alto Networks
Read More...
Malware Installs Malicious Browser Extensions to Steal Users’ Passwords and Cryptos
The distribution vector used to propagate ViperSoftX is typically achieved through cracked software for Adobe Illustrator and Microsoft Office that are hosted on file-sharing sites
Read More...
Google releases 165 YARA rules to detect Cobalt Strike attacks
The Google Cloud Threat Intelligence team has open-sourced YARA Rules and a VirusTotal Collection of indicators of compromise (IOCs) to help defenders detect Cobalt Strike components in their networks
Read More...
Worok Hackers Abuse Dropbox API to Exfiltrate Data via Backdoor Hidden in Images
The purpose of the PNG files is to conceal a payload that's used to facilitate information theft
Read More...