Vulnerabilities Organizations Warned of Exploited Fortinet FortiOS Vulnerability CISA has added a FortinetFortiOS vulnerability tracked as CVE-2024-23113 to its Known Exploited Vulnerabilities (KEV) catalog. Ionut ArghireOctober 10, 2024
Vulnerabilities Firefox 131 Update Patches Exploited Zero-Day Vulnerability Mozilla has released a Firefox 131 update to resolve CVE-2024-9680, a code execution vulnerability exploited in the wild as a zero-day. Ionut ArghireOctober 10, 2024
Vulnerabilities Ivanti Warns Customers of More CSA Zero-Days Exploited in Attacks Ivanti says a few more CSA zero-day vulnerabilities have been found to be exploited in attacks where they are chained with CVE-2024-8963. Eduard KovacsOctober 9, 2024
Vulnerabilities Qualcomm Alerted to Possible Zero-Day Exploited in Targeted Attacks Google and Amnesty have seen evidence that a Qualcomm chipset vulnerability tracked as CVE-2024-43047 may be exploited in the wild. Eduard KovacsOctober 8, 2024
Vulnerabilities Ivanti EPM Vulnerability Exploited in the Wild An Ivanti EPM SQL injection vulnerability tracked as CVE-2024-29824 has been exploited to target some of the company’s customers. Eduard KovacsOctober 3, 2024
Vulnerabilities Adobe Commerce Flaw Exploited to Compromise Thousands of Sites Over 4,000 Adobe Commerce and Magento stores unpatched against an exploited vulnerability have been compromised. Ionut ArghireOctober 3, 2024
Email Security Critical Zimbra Vulnerability Exploited One Day After PoC Release A critical-severity vulnerability in Zimbra has been exploited in the wild to deploy a web shell on vulnerable servers. Ionut ArghireOctober 2, 2024
Vulnerabilities Organizations Warned of Exploited SAP, Gpac and D-Link Vulnerabilities CISA warns that years-old vulnerabilities in SAP Commerce, Gpac framework, and D-Link DIR-820 routers are exploited in the wild. Ionut ArghireOctober 1, 2024
Vulnerabilities Third Recent Ivanti Vulnerability Exploited in the Wild CVE-2024-7593 is the third Ivanti product vulnerability patched in recent months that has been exploited in the wild. Eduard KovacsSeptember 25, 2024
Vulnerabilities Ivanti Warns of Second CSA Vulnerability Exploited in Attacks In addition to the Ivanti CSA flaw CVE-2024-8190, another vulnerability affecting the same product, tracked as CVE-2024-8963, has been exploited. Eduard KovacsSeptember 20, 2024
Malware & Threats CISA: Oracle Vulnerabilities From ‘Miracle Exploit’ Targeted in Attacks CISA is warning organizations that two Oracle vulnerabilities tracked as CVE-2022-21445 and CVE-2020-14644 are being exploited in the wild. Eduard KovacsSeptember 19, 2024
Vulnerabilities Recent WhatsUp Gold Vulnerabilities Possibly Exploited in Ransomware Attacks Two recently patched Progress Software WhatsUp Gold vulnerabilities may have been exploited in the wild, possibly in ransomware attacks. Eduard KovacsSeptember 17, 2024
Vulnerabilities Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day Microsoft warns that a recently patched Windows vulnerability was exploited in the wild as a zero-day prior to July 2024. Ionut ArghireSeptember 16, 2024
Vulnerabilities Ivanti CSA Vulnerability Exploited in Attacks Days After DIsclosure The Ivanti Cloud Service Appliance vulnerability CVE-2024-8190 has been exploited in the wild, with attacks starting just days after disclosure. Eduard KovacsSeptember 16, 2024
Malware & Threats Critical SonicWall Vulnerability Possibly Exploited in Ransomware Attacks A recently patched SonicWall vulnerability tracked as CVE-2024-40766 may have been exploited in ransomware attacks. Eduard KovacsSeptember 9, 2024
Vulnerabilities Recent SonicWall Firewall Vulnerability Potentially Exploited in the Wild SonicWall is warning customers that the recently patched critical vulnerability CVE-2024-40766 may be exploited in the wild. Eduard KovacsSeptember 6, 2024
Vulnerabilities Apache Makes Another Attempt at Patching Exploited RCE in OFBiz The latest Apache OFBiz update patches CVE-2024-45195, a bypass of a recently disclosed remote code execution bug exploited in attacks. Ionut ArghireSeptember 6, 2024
Network Security DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign Two DrayTek vulnerabilities added by CISA to its KEV catalog have been exploited by multiple threat groups to steal data from organizations worldwide. Eduard KovacsSeptember 5, 2024
Mobile & Wireless Android’s September 2024 Update Patches Exploited Vulnerability Google has released Android security updates to patch an exploited local privilege escalation vulnerability. Ionut ArghireSeptember 4, 2024
Nation-State WPS Office Zero-Day Exploited by South Korea-Linked Cyberspies A WPS Office zero-day vulnerability tracked as CVE-2024-7262 was exploited by South Korean hacker group APT-C-60. Eduard KovacsAugust 28, 2024