Network Security
DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign
Two DrayTek vulnerabilities added by CISA to its KEV catalog have been exploited by multiple threat groups to steal data from organizations worldwide.
Eduard Kovacs, September 5, 2024

Vulnerabilities
Second Apache OFBiz Vulnerability Exploited in Attacks
CISA is warning organizations that a second Apache OFBiz flaw is being exploited in the wild shortly after the release of PoC exploits.
Eduard Kovacs, August 28, 2024

Vulnerabilities
CISA Warns of Exploited Vulnerabilities Impacting Dahua Products
CISA warns that attackers are exploiting two critical-severity authentication bypass vulnerabilities impacting multiple Dahua products.
Ionut Arghire, August 22, 2024

Vulnerabilities
Organizations Warned of Exploited GeoServer Vulnerability
CISA says it has evidence that a recent critical-severity vulnerability in GeoServer is exploited in the wild.
Ionut Arghire, July 16, 2024

Vulnerabilities
CISA Warns of Exploited GeoServer, Linux Kernel, and Roundcube Vulnerabilities
CISA on Wednesday warned that three older flaws in GeoServer, Linux kernel, and Roundcube webmail are exploited in the wild.
Ionut Arghire, June 27, 2024

Malware & Threats
CISA Warns of Progress Telerik Vulnerability Exploitation
CISA urges federal agencies to apply mitigations for an exploited Progress Telerik vulnerability as soon as possible.
Ionut Arghire, June 14, 2024

Malware & Threats
CISA Warns of Attacks Exploiting Old Oracle WebLogic Vulnerability
CISA has added an old Oracle WebLogic flaw tracked as CVE-2017-3506 to its known exploited vulnerabilities catalog.
Eduard Kovacs, June 4, 2024

Vulnerabilities
CISA Warns of Exploited Linux Kernel Vulnerability
CISA instructs federal agencies to mitigate CVE-2024-1086, a Linux kernel flaw leading to privilege escalation.
Ionut Arghire, May 31, 2024

Government
CISA Warns of Attacks Exploiting NextGen Healthcare Mirth Connect Flaw
CISA has added CVE-2023-43208, an unauthenticated remote code execution vulnerability, to its KEV catalog.
Eduard Kovacs, May 21, 2024

Vulnerabilities
CISA Warns of Exploited Vulnerabilities in EOL D-Link Products
CISA has added two vulnerabilities in discontinued D-Link products to its KEV catalog, including a decade-old flaw.
Ionut Arghire, May 17, 2024

Vulnerabilities
CISA Warns of Windows Print Spooler Flaw After Microsoft Sees Russian Exploitation
CISA warns organizations of a two-year-old Windows Print Spooler vulnerability being exploited in the wild.
Ionut Arghire, April 24, 2024

Application Security
SAP Applications Increasingly in Attacker Crosshairs, Report Shows
Malicious hackers are targeting SAP applications at an alarming pace, according to warnings from Onapsis and Flashpoint.
Ionut Arghire, April 18, 2024