Please turn on your JavaScript for this page to function normally.
North Korea
Private US companies targeted by Stonefly APT

Undeterred by the indictment issued against one of its alleged members, North Korean APT group Stonefly (aka APT45) continues to target companies in the US, Symantec threat …

Active Directory
Active Directory compromise: Cybersecurity agencies provide guidance

Active Directory (AD), Microsoft’s on-premises directory service for Windows domain networks, is so widely used for enterprise identity and access management that …

SolarWinds Web Help Desk
PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)

Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by …

Ivanti
Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)

CVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by attackers. The confirmation …

One Identity
Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)

Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged …

FBI
FBI forced Flax Typhoon to abandon its botnet

A botnet operated by the Chinese state-sponsored threat actor known as Flax Typhoon has been disrupted by the law enforcement agency and abandoned by the group, FBI Director …

Foundation Software
Hackers breaching construction firms via specialized accounting software

Firms in the construction industry are getting breached by hackers via internet-exposed servers running Foundation accounting software, Huntress researchers are warning. …

Ivanti
PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)

CVE-2024-8190, an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) v4.6, is under active exploitation. Details about the attacks are still unknown, …

Veeam
Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)

CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and …

Apache OFBiz
Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)

For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to …

Fortra FileCatalyst
Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)

Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting …

SolarWinds
Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)

A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw …

Don't miss

Cybersecurity news