Vulnerabilities CISA Warns of Progress Kemp LoadMaster Vulnerability Exploitation CISA is warning organizations that CVE-2024-1212, a Progress Kemp LoadMaster OS command injection vulnerability, is being exploited in attacks. Eduard KovacsNovember 20, 2024
Vulnerabilities Oracle Patches Exploited Agile PLM Zero-Day Oracle has patched a high-severity information disclosure zero-day in Agile PLM that has been exploited in the wild. Ionut ArghireNovember 20, 2024
Malware & Threats Apple Confirms Zero-Day Attacks Hitting macOS Systems Apple rushes out out major macOS and iOS security updates to cover a pair of vulnerabilities already being exploited in the wild. Ryan NaraineNovember 19, 2024
Malware & Threats VMware Discloses Exploitation of Hard-to-Fix vCenter Server Flaw The saga of VMWare’s critical CVE-2024-38812 vCenter Server bug has reached the “exploitation detected” stage. Ryan NaraineNovember 18, 2024
Vulnerabilities Palo Alto Networks Releases IoCs for New Firewall Zero-Day Palo Alto Networks has released IoCs for the attacks exploiting a newly uncovered firewall zero-day vulnerability. Eduard KovacsNovember 18, 2024
Vulnerabilities CISA Warns of Two More Palo Alto Expedition Flaws Exploited in Attacks CISA has added two more Palo Alto Networks Expedition flaws, CVE-2024-9463 and CVE-2024-9465, to its KEV catalog. Eduard KovacsNovember 15, 2024
Vulnerabilities Critical Plugin Flaw Exposed 4 Million WordPress Websites to Takeover Over 4 million WordPress websites were impacted by a critical Really Simple Security plugin vulnerability providing full administrative access. Ionut ArghireNovember 15, 2024
Vulnerabilities Palo Alto Networks Confirms New Firewall Zero-Day Exploitation Palo Alto Networks has confirmed that a zero-day is being exploited in attacks after investigating claims of a firewall remote code execution flaw. Eduard KovacsNovember 15, 2024
Vulnerabilities Windows Zero-Day Exploited by Russia Triggered With File Drag-and-Drop, Delete Actions The exploit for a new zero-day vulnerability in Windows is executed by deleting files, drag-and-dropping them, or right clicking on them. Ionut ArghireNovember 14, 2024
Vulnerabilities NIST Explains Why It Failed to Clear CVE Backlog NIST says all known exploited CVEs in the backlog have been addressed, but admitted that clearing the entire backlog by October was optimistic. Eduard KovacsNovember 14, 2024
Vulnerabilities Unpatched Flaw in Legacy D-Link NAS Devices Exploited Days After Disclosure Exploitation attempts targeting CVE-2024-10914, a recently disclosed ‘won’t fix’ vulnerability affecting outdated D-Link NAS devices. Eduard KovacsNovember 14, 2024
Malware & Threats Citrix, Cisco, Fortinet Zero-Days Among 2023’s Most Exploited Vulnerabilities Most of the top frequently exploited vulnerabilities in 2023 were initially exploited as zero-days, according to data from government agencies. Ionut ArghireNovember 13, 2024