Microsoft August 2023 Patch Tuesday warns of 2 zero-days, 87 flaws
This month's Patch Tuesday fixes two zero-day vulnerabilities, with both exploited in attacks and one of them publicly disclosed
Read More...
Malicious npm Packages Found Exfiltrating Sensitive Data from Developers
The harvested data, which could also contain credentials and valuable intellectual property, is ultimately transmitted to the server in the form of a ZIP archive file
Read More...
New PaperCut critical bug exposes unpatched servers to RCE attacks
PaperCut recently fixed a critical security vulnerability in its NG/MF print management software that allows unauthenticated attackers to gain remote code execution on unpatched Windows servers
Read More...
Microsoft fixes flaw discovered by Tenable
This created an opportunity for attackers to exploit unsecured Azure Function hosts and intercept OAuth client IDs and secrets
Read More...
Fake VMware vConnector package on PyPI targets IT pros
A malicious package that mimics the VMware vSphere connector module ‘vConnector’ was uploaded on the Python Package Index (PyPI) under the name VMConnect
Read More...
Threat actors abuse Google AMP for evasive phishing attacks
The AMP URLs trigger a redirection to a malicious phishing site, and this additional step also adds an analysis-disrupting layer
Read More...
Almost 40% of Ubuntu users vulnerable to new privilege elevation flaws
CVE-2023-2640 is a high-severity (CVSS v3 score: 7.8) vulnerability in the Ubuntu Linux kernel caused by inadequate permission checks allowing a local attacker to gain elevated privileges
Read More...
Hackers Abusing Windows Search Feature to Install Remote Access Trojans
Attackers are directing users to websites that exploit the 'search-ms' functionality using JavaScript hosted on the page
Read More...
Atlassian Releases Patches for Critical Flaws in Confluence and Bamboo
If successfully exploited, could result in remote code execution on susceptible systems
Read More...
VMware fixes bug exposing CF API admin credentials in audit logs
Threat actors who exploit this vulnerability can use the stolen credentials to push malicious app versions
Read More...