Latest Vulnerability news

New Microsoft Exchange zero-days allow RCE, data theft attacks

Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.
- Bill Toulas
- November 03, 2023
- 11:14 AM
- 3
HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks

A remote code execution (RCE) flaw impacting Apache ActiveMQ has been under active exploitation by threat actors who use HelloKitty ransomware payloads.
- Bill Toulas
- November 02, 2023
- 12:21 PM
- 0
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide

Threat actors are leveraging the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, to target government, technical, and legal organizations in the Americas, Europe, Africa, and the Asia-Pacific region.
- Bill Toulas
- November 01, 2023
- 02:46 PM
- 0
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online

Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution (RCE) vulnerability.
- Bill Toulas
- November 01, 2023
- 02:05 PM
- 0
Hackers exploit recent F5 BIG-IP flaws in stealthy attacks

F5 is warning BIG-IP admins that devices are being breached by "skilled" hackers exploiting two recently disclosed vulnerabilities to erase signs of their access and achieve stealthy code execution.
- Bill Toulas
- November 01, 2023
- 10:52 AM
- 0
RCE exploit for Wyze Cam v3 publicly released, patch now

A security researcher has published a proof-of-concept (PoC) exploit for Wyze Cam v3 devices that opens a reverse shell and allows the takeover of vulnerable devices.
- Bill Toulas
- October 30, 2023
- 04:46 PM
- 1
HackerOne paid ethical hackers over $300 million in bug bounties

HackerOne has announced that its bug bounty programs have awarded over $300 million in rewards to ethical hackers and vulnerability researchers since the platform's inception.
- Bill Toulas
- October 28, 2023
- 11:17 AM
- 0
F5 fixes BIG-IP auth bypass allowing remote code execution attacks

A critical vulnerability in the F5 BIG-IP configuration utility, tracked as CVE-2023-46747, allows an attacker with remote access to the configuration utility to perform unauthenticated remote code execution.
- Bill Toulas
- October 27, 2023
- 11:11 AM
- 0
Critical RCE flaws found in SolarWinds access audit solution

Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product that remote attackers could use to run code with SYSTEM privileges.
- Bill Toulas
- October 20, 2023
- 10:59 AM
- 1
Over 40,000 Cisco IOS XE devices infected with backdoor using zero-day

More than 40,000 Cisco devices running the IOS XE operating system have been compromised after hackers exploited a recently disclosed maximum severity vulnerability tracked as CVE-2023-20198.
- Ionut Ilascu
- October 19, 2023
- 09:08 PM
- 0
North Korean hackers exploit critical TeamCity flaw to breach networks

Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks.
- Lawrence Abrams
- October 18, 2023
- 06:33 PM
- 0
Recently patched Citrix NetScaler bug exploited as zero-day since August

A critical vulnerability tracked as CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been actively exploited as a zero-day since late August, security researchers announced.
- Bill Toulas
- October 18, 2023
- 07:01 AM
- 1
Signal says there is no evidence rumored zero-day bug is real

Signal messenger has investigated rumors spreading online over the weekend of a zero-day security vulnerability related to the 'Generate Link Previews' feature, stating that there is no evidence this vulnerability is real.
- Lawrence Abrams
- October 16, 2023
- 02:04 AM
- 1
CISA shares vulnerabilities, misconfigs used by ransomware gangs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has unveiled additional details regarding misconfigurations and security vulnerabilities exploited by ransomware gangs, aiming to help critical infrastructure organizations thwart their attacks.
- Sergiu Gatlan
- October 13, 2023
- 10:55 AM
- 0
Hyped up curl vulnerability falls short of expectations

curl 8.4.0 has been released to patch and release details on a hyped up high-severity security vulnerability (CVE-2023-38545), easing week-long concerns regarding the flaw's severity.
- Lawrence Abrams
- October 12, 2023
- 09:23 AM
- 1
Microsoft: State hackers exploiting Confluence zero-day since September

Microsoft says a Chinese-backed threat group tracked as 'Storm-0062' (aka DarkShadow or Oro0lxy) has been exploiting a critical privilege escalation zero-day in the Atlassian Confluence Data Center and Server since September 14, 2023.
- Bill Toulas
- October 11, 2023
- 10:29 AM
- 0
Mirai DDoS malware variant expands targets with 13 router exploits

A Mirai-based DDoS (distributed denial of service) malware botnet tracked as IZ1H9 has added thirteen new payloads to target Linux-based routers and routers from D-Link, Zyxel, TP-Link, TOTOLINK, and others.
- Bill Toulas
- October 10, 2023
- 04:35 PM
- 1
Microsoft October 2023 Patch Tuesday fixes 3 zero-days, 104 flaws

Today is Microsoft's October 2023 Patch Tuesday, with security updates for 104 flaws, including three actively exploited zero-day vulnerabilities.
- Lawrence Abrams
- October 10, 2023
- 01:49 PM
- 5
New critical Citrix NetScaler flaw exposes 'sensitive' data

Citrix NetScaler ADC and NetScaler Gateway are impacted by a critical severity flaw that allows the disclosure of sensitive information from vulnerable appliances.
- Bill Toulas
- October 10, 2023
- 11:53 AM
- 0
New 'HTTP/2 Rapid Reset' zero-day attack breaks DDoS records

A new DDoS (distributed denial of service) technique named 'HTTP/2 Rapid Reset' has been actively exploited as a zero-day since August, breaking all previous records in magnitude.
- Bill Toulas
- October 10, 2023
- 10:12 AM
- 0