Zeljka Zorz
Critical flaw in Zyxel firewalls grants access to corporate networks (CVE-2022-30525)
A critical vulnerability (CVE-2022-30525) affecting several models of Zyxel firewalls has been publicly revealed, along with a Metasploit module that exploits it. Discovered …
Researchers uncover URL spoofing flaws on Zoom, Box, Google Docs
Researchers have discovered several URL spoofing bugs in Box, Zoom and Google Docs that would allow phishers to generate links to malicious content and make it look like …
Microsoft patches Windows LSA spoofing zero-day under active attack (CVE-2022-26925)
May 2022 Patch Tuesday is here, and Microsoft has marked it by releasing fixes for 74 CVE-numbered vulnerabilities, including one zero-day under active attack (CVE-2022-26925) …
Attackers are attempting to exploit critical F5 BIG-IP RCE
Researchers have developed PoC exploits for CVE-2022-1388, a critical remote code execution bug affecting F5 BIG-IP multi-purpose networking devices/modules. Simultaneously, …
NIST updates guidance for cybersecurity supply chain risk management
The National Institute of Standards and Technology (NIST) has updated its guidance document for helping organizations identify, assess and respond to cybersecurity risks …
Critical F5 BIG-IP flaw allows device takeover, patch ASAP! (CVE-2022-1388)
F5 Networks‘ BIG-IP multi-purpose networking devices/modules are vulnerable to unauthenticated remote code execution attacks via CVE-2022-1388. “This vulnerability may …
A checklist to help healthcare organizations respond to a serious cyberattack
How should organizations in the healthcare sector respond to outage due to a serious cyberattack? The Healthcare and Public Health Sector Coordinating Council’s (HSCC) …
Stealthy APT group plunders very specific corporate email accounts
An eminently sophisticated and stealthy APT group is going after specific corporate email accounts and has, on occasion, managed to remain undetected in victim environments …
Phishers exploit Google’s SMTP Relay service to deliver spoofed emails
Phishers are exploiting a flaw in Google’s SMTP relay service to send malicious emails spoofing popular brands. Avanan researcher Jeremy Fuchs says that starting in April …
CMS-based sites under attack: The latest threats and trends
Payment card skimmers are becoming more common in exploit kits affecting WordPress websites and attackers are spending more time customizing them to avoid detection, …
Google offers 50% higher bounties for bugs in Android 13 Beta
Google has released Android 13 Beta 1 and has sent out a call for bug hunters: Find bugs in it, and you’ll get a 50% bonus reward payout. They should hurry up, though: …
Critical vulnerabilities open Synology, QNAP NAS devices to attack
Users of Synology and QNAP network-attached storage (NAS) devices are advised to be on the lookout for patches for several critical vulnerabilities affecting Netatalk, an …