Vulnerabilities Fortinet Warns of New FortiOS Zero-Day Fortinet patches CVE-2024-21762, a critical remote code execution vulnerability that may have been exploited in the wild. Eduard KovacsFebruary 9, 2024
Vulnerabilities 45,000 Exposed Jenkins Instances Found Amid Reports of In-the-Wild Exploitation Shadowserver Foundation has seen 45,000 Jenkins instances affected by CVE-2024-23897, which may already be exploited in attacks. Eduard KovacsJanuary 31, 2024
Malware & Threats Hitron DVR Zero-Day Vulnerabilities Exploited by InfectedSlurs Botnet Akamai flags six zero-day vulnerabilities in Hitron DVRs exploited to ensnare devices in the InfectedSlurs botnet. Ionut ArghireJanuary 31, 2024
Vulnerabilities Hackers Targeting Critical Atlassian Confluence Vulnerability Days After Disclosure The Atlassian Confluence vulnerability CVE-2023-22527 is being exploited in the wild just days after it was disclosed. Eduard KovacsJanuary 22, 2024
Nation-State Chinese Spies Exploited VMware vCenter Server Vulnerability Since 2021 CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, had been exploited as zero-day for a year and a half. Ionut ArghireJanuary 22, 2024
Vulnerabilities Ivanti EPMM Vulnerability Targeted in Attacks as Exploitation of VPN Flaws Increases The number of Ivanti VPN appliances compromised through exploitation of recent flaws increases and another vulnerability is added to exploited list. Eduard KovacsJanuary 19, 2024
Vulnerabilities VMware vCenter Server Vulnerability Exploited in Wild VMware warns customers that CVE-2023-34048, a vCenter Server vulnerability patched in October 2023, is being exploited in the wild. Eduard KovacsJanuary 19, 2024
Vulnerabilities Citrix Warns NetScaler ADC Customers of New Zero-Day Exploitation Citrix is aware of attacks exploiting two new NetScaler ADC and Gateway zero-day vulnerabilities tracked as CVE-2023-6548 and CVE-2023-6549. Eduard KovacsJanuary 17, 2024
Malware & Threats Government, Military Targeted as Widespread Exploitation of Ivanti Zero-Days Begins The recently disclosed Ivanti VPN zero-days have been exploited to hack at least 1,700 devices, including government, telecoms, defense, and tech. Eduard KovacsJanuary 16, 2024
Malware & Threats CISA Urges Patching of Exploited SharePoint Server Vulnerability CISA has added a critical Microsoft SharePoint Server flaw (CVE-2023-29357) to its Known Exploited Vulnerabilities catalog. Ionut ArghireJanuary 11, 2024
Vulnerabilities CISA Warns of Apache Superset Vulnerability Exploitation CISA has added a critical-severity Apache Superset flaw (CVE-2023-27524) to its Known Exploited Vulnerabilities catalog. Ionut ArghireJanuary 9, 2024
Vulnerabilities Critical Apache OFBiz Vulnerability in Attacker Crosshairs Shadowserver sees possible in-the-wild exploitation of a critical Apache OFBiz vulnerability tracked as CVE-2023-49070. Eduard KovacsDecember 29, 2023