Malware & Threats CISA Warns of FXC Router, QNAP NVR Vulnerabilities Exploited in the Wild CISA released ICS advisories for FXC router and QNAP NRV flaws and added them to its known exploited vulnerabilities catalog. Eduard KovacsDecember 22, 2023
Vulnerabilities Recent Apache Struts 2 Vulnerability in Attacker Crosshairs Attackers are attempting to exploit a critical RCE flaw in Apache Struts 2 after researchers publish PoC code. Ionut ArghireDecember 15, 2023
Vulnerabilities Sophos Patches EOL Firewalls Against Exploited Vulnerability Sophos has patched EOL Firewall versions against a critical flaw exploited in the wild, after identifying a new exploit. Ionut ArghireDecember 13, 2023
Vulnerabilities Exploitation of Recent Cisco IOS XE Vulnerabilities Spikes The Shadowserver Foundation warns of an increase in the number of devices hacked via recent Cisco IOS XE vulnerabilities. Ionut ArghireDecember 6, 2023
Ransomware Qlik Sense Vulnerabilities Exploited in Ransomware Attacks Qlik Sense vulnerabilities CVE-2023-41266, CVE-2023-41265 and CVE-2023-48365 exploited for initial access in Cactus ransomware attacks. Eduard KovacsNovember 30, 2023
Vulnerabilities Google Patches Seventh Chrome Zero-Day of 2023 The latest Chrome security update addresses the seventh exploited zero-day vulnerability documented in the browser in 2023. Ionut ArghireNovember 29, 2023
Malware & Threats Exploitation of Critical ownCloud Vulnerability Begins Threat actors have started exploiting a critical ownCloud vulnerability leading to sensitive information disclosure. Ionut ArghireNovember 28, 2023
Malware & Threats CISA Warns of Attacks Exploiting Sophos Web Appliance Vulnerability CISA adds Sophos, Oracle and Microsoft product security holes to its Known Exploited Vulnerabilities (KEV) catalog. Eduard KovacsNovember 17, 2023
Email Security Zimbra Zero-Day Exploited to Hack Government Emails Google says a Zimbra zero-day from earlier this year, CVE-2023-37580, was exploited in several campaigns to hack government emails. Eduard KovacsNovember 16, 2023
Malware & Threats CISA Says SLP Vulnerability Allowing Amplified DoS Attacks Exploited in the Wild CISA says an SLP vulnerability allowing for a DoS amplification factor of 2,000 is being exploited in attacks. Ionut ArghireNovember 9, 2023
Ransomware SysAid Zero-Day Vulnerability Exploited by Ransomware Group CVE-2023-47246 zero-day vulnerability in SysAid IT service management software has been exploited by Cl0p ransomware affiliates. Eduard KovacsNovember 9, 2023
Cloud Security ‘Looney Tunables’ Glibc Vulnerability Exploited in Cloud Attacks Glibc vulnerability affecting major Linux distributions and tracked as Looney Tunables exploited in cloud attacks by Kinsing group. Eduard KovacsNovember 6, 2023