Vulnerabilities PoC Code Published for Just-Disclosed Fortra GoAnywhere Vulnerability PoC code exploiting a critical Fortra GoAnywhere MFT vulnerability gets published one day after public disclosure. Ionut ArghireJanuary 24, 2024
Vulnerabilities Chrome 121 Patches 17 Vulnerabilities Google releases Chrome 121 to the stable channel with 17 security fixes, including 11 reported by external researchers. Ionut ArghireJanuary 24, 2024
Vulnerabilities Vulnerabilities in Lamassu Bitcoin ATMs Can Allow Hackers to Drain Wallets Hackers could exploit Lamassu Douro ATM vulnerabilities to take over devices, steal bitcoin from users. Ionut ArghireJanuary 23, 2024
Vulnerabilities High-Severity Vulnerability Patched in Splunk Enterprise The latest Splunk Enterprise releases patch multiple vulnerabilities, including a high-severity flaw in the Windows version. Ionut ArghireJanuary 23, 2024
Malware & Threats Apple Ships iOS 17.3, Warns of WebKit Zero-Day Exploitation Apple pushes out fresh versions of its iOS and macOS platforms to fix WebKit vulnerabilities being exploited as zero-day in the wild. Ryan NaraineJanuary 22, 2024
Vulnerabilities Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure The Atlassian Confluence vulnerability CVE-2023-22527 is being exploited in the wild just days after it was disclosed. Eduard KovacsJanuary 22, 2024
Identity & Access New NTLM Hash Leak Attacks Target Outlook, Windows Programs Varonis finds one vulnerability and three attack methods that can be used to obtain NTLM hashes via Outlook and two Windows programs. Eduard KovacsJanuary 22, 2024
Nation-State Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, had been exploited as zero-day for a year and a half. Ionut ArghireJanuary 22, 2024
Malware & Threats CISA Issues Emergency Directive on Ivanti Zero-Days The US government’s cybersecurity agency CISA ramps up the pressure on organizations to mitigate two exploited Ivanti VPN vulnerabilities. Ryan NaraineJanuary 19, 2024
Vulnerabilities Ivanti EPMM Vulnerability Targeted in Attacks as Exploitation of VPN Flaws Increases The number of Ivanti VPN appliances compromised through exploitation of recent flaws increases and another vulnerability is added to exploited list. Eduard KovacsJanuary 19, 2024
Vulnerabilities VMware vCenter Server Vulnerability Exploited in Wild VMware warns customers that CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, is being exploited in the wild. Eduard KovacsJanuary 19, 2024
ICS/OT Unpatched Rapid SCADA Vulnerabilities Expose Industrial Organizations to Attacks Seven vulnerabilities found in Rapid SCADA could be exploited to gain access to sensitive industrial systems, but they remain unpatched. Eduard KovacsJanuary 18, 2024