The hidden picture of malware attack trends
Despite the decline in network-detected malware in Q4 2022, endpoint ransomware spiked by 627%, while malware associated with phishing campaigns persisted as a threat, …
Prevent and detect Adobe ColdFusion exploitation (CVE-2023-26360, CVE-2023-26359)
When Adobe released security updates for its ColdFusion application development platform last month, it noted that one of the vulnerabilities (CVE-2023-26360) had been …
What you need before the next vulnerability hits
Cyberattacks tend to come from two angles: criminals take advantage of employees with privileged access or of security weaknesses in your hardware/software infrastructure. …
PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716)
A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly …
PoC exploit, IoCs for Fortinet FortiNAC RCE released (CVE-2022-39952)
Horizon3.ai’s Attack Team has released a PoC exploit for CVE-2022-39952, a critical vulnerability affecting FortiNAC, Fortinet’s network access control solution. …
Fortinet plugs critical security hole in FortiNAC, with a PoC incoming (CVE-2022-39952)
Fortinet has dropped fixes for 40 vulnerabilities in a variety of its products, including two critical vulnerabilities (CVE-2022-39952, CVE-2021-42756) affecting its FortiNAC …
Researchers release PoC exploit for critical Windows CryptoAPI bug (CVE-2022-34689)
Akamai researchers have published a PoC exploit for a critical vulnerability (CVE-2022-34689) in Windows CryptoAPI, which validates public key certificates. “An attacker …
FortiOS flaw was exploited to compromise governmental targets (CVE-2022-42475)
A critical vulnerability in FortiOS SSL-VPN (CVE-2022-42475) that Fortinet has issued patches for in November 2022 has been exploited by attackers to compromise governmental …
Rackspace ransomware attack was executed by using previously unknown security exploit
The MS Exchange exploit chain recently revealed by Crowdstrike researchers is how the Play ransomware gang breached the Rackspace Hosted Exchange email environment, the …
New Microsoft Exchange exploit chain lets ransomware attackers in (CVE-2022-41080)
Ransomware-wielding attackers are using a new exploit chain that includes one of the ProxyNotShell vulnerabilities (CVE-2022-41082) to achieve remote code execution on …
Pre-auth RCE in Oracle Fusion Middleware exploited in the wild (CVE-2021-35587)
A pre-authentication RCE flaw (CVE-2021-35587) in Oracle Access Manager (OAM) that has been fixed in January 2022 is being exploited by attackers in the wild, the …
Researchers release PoC for Fortinet firewall flaw, exploitation attempts mount
Horizon3.ai researchers have released a PoC exploit for CVE-2022-40684, the authentication bypass vulnerability affecting Fortinet‘s firewalls and secure web gateways, …
Featured news
Resources
Don't miss
- Mastering the cybersecurity tightrope of protection, detection, and response
- PRevent: Open-source tool to detect malicious code in pull requests
- Darcula allows tech-illiterate crooks to create, deploy DIY phishing kits targeting any brand
- Hackers pose as employers to steal crypto, login credentials
- Unknown and unsecured: The risks of poor asset visibility