Vulnerabilities Exploitation of Critical Confluence Vulnerability Begins Threat actors have started exploiting a recent critical vulnerability in Confluence Data Center and Confluence Server. Ionut ArghireNovember 6, 2023
Malware & Threats Apache ActiveMQ Vulnerability Exploited as Zero-Day The recently patched Apache ActiveMQ vulnerability tracked as CVE-2023-46604 has been exploited as a zero-day since at least October 10. Eduard KovacsNovember 3, 2023
Vulnerabilities Critical Apache ActiveMQ Vulnerability Exploited to Deliver Ransomware A recently patched Apache ActiveMQ vulnerability tracked as CVE-2023-46604 is being exploited to deliver ransomware. Eduard KovacsNovember 2, 2023
Malware & Threats Mass Exploitation of ‘Citrix Bleed’ Vulnerability Underway Multiple threat actors are exploiting CVE-2023-4966, aka Citrix Bleed, a critical vulnerability in NetScaler ADC and Gateway. Ionut ArghireNovember 1, 2023
Malware & Threats Russian Hackers Caught Exploiting Roundcube Webmail Zero-Day Russian APT Winter Vivern exploits a zero-day in the Roundcube webmail server in attacks targeting European governments. Ionut ArghireOctober 25, 2023
Malware & Threats Number of Cisco Devices Hacked via Unpatched Vulnerability Increases to 40,000 The number of Cisco devices hacked via the CVE-2023-20198 zero-day has reached 40,000, including many in the US. Eduard KovacsOctober 19, 2023
Vulnerabilities Recent NetScaler Vulnerability Exploited as Zero-Day Since August Mandiant says the recently patched Citrix NetScaler vulnerability CVE-2023-4966 had been exploited as zero-day since August. Ionut ArghireOctober 18, 2023
Vulnerabilities US Gov Expects Widespread Exploitation of Atlassian Confluence Vulnerability CISA, FBI, and MS-ISAC warn of potential widespread exploitation of CVE-2023-22515, a critical vulnerability in Atlassian Confluence. Ionut ArghireOctober 17, 2023
Vulnerabilities Cisco Devices Hacked via IOS XE Zero-Day Vulnerability Cisco is warning customers that a new IOS XE zero-day vulnerability tracked as CVE-2023-20198 is being exploited to hack devices. Eduard KovacsOctober 17, 2023
Mobile & Wireless Apple Releases iOS 16 Update to Patch Exploited Vulnerability Apple has released iOS 16.7.1 and iPadOS 16.7.1 to patch CVE-2023-42824, a kernel vulnerability that has been exploited in attacks. Eduard KovacsOctober 12, 2023
Vulnerabilities CISA Warns of Attacks Exploiting Adobe Acrobat Vulnerability CISA has added five bugs to its Known Exploited Vulnerabilities catalog, including the recent WordPad, Skype, and HTTP/2 zero-days. Ionut ArghireOctober 11, 2023
Mobile & Wireless Android’s October 2023 Security Updates Patch Two Exploited Vulnerabilities The October 2023 security update for Android patches two vulnerabilities exploited in attacks, both likely linked to spyware vendors. Ionut ArghireOctober 3, 2023