![Apache Struts](https://img.helpnetsecurity.com/wp-content/uploads/2017/03/09104837/apache-struts-400x200.jpg)
Potential Apache Struts 2 RCE flaw fixed, PoCs released
Have you already updated your Apache Struts 2 to version 2.5.22, released in November 2019? You might want to, and quickly, as information about a potential RCE vulnerability …
![vBulletin](https://img.helpnetsecurity.com/wp-content/uploads/2019/09/09093108/vbulletin-400x200.jpg)
Exploits for vBulletin zero-day released, attacks are ongoing
The fix for CVE-2019-16759, a remote code execution vulnerability in vBulletin that was patched in September 2019, is incomplete, security researcher Amir Etemadieh has …
![ManageEngine ADSelfService Plus](https://img.helpnetsecurity.com/wp-content/uploads/2020/08/10110422/adselfservice_plus-400x200.jpg)
Critical ManageEngine ADSelfService Plus RCE flaw patched
A critical vulnerability (CVE-2020-11552) in ManageEngine ADSelfService Plus, an Active Directory password-reset solution, could allow attackers to remotely execute commands …
![printer](https://img.helpnetsecurity.com/wp-content/uploads/2020/05/14114130/printer-windows-400x200.jpg)
Researchers flag two zero-days in Windows Print Spooler
In May 2020, Microsoft patched CVE-2020-1048, a privilege escalation vulnerability in the Windows Print Spooler service discovered by Peleg Hadar and Tomer Bar from SafeBreach …
![Cisco](https://img.helpnetsecurity.com/wp-content/uploads/2018/04/09101404/cisco-400x200.jpg)
Attackers are exploiting Cisco ASA/FTD flaw in search for sensitive data
An unauthenticated file read vulnerability (CVE-2020-3452) affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software is being exploited by …
![Microsoft SharePoint](https://img.helpnetsecurity.com/wp-content/uploads/2019/05/09094326/microsoft_sharepoint-400x200.jpg)
Details and PoC for critical SharePoint RCE flaw released
Last week, a “wormable” remote code execution flaw in the Windows DNS Server service (CVE-2020-1350) temporarily overshadowed all the other flaws patched by Microsoft on July …
![Windows 10](https://img.helpnetsecurity.com/wp-content/uploads/2017/10/09102819/windows10-biohazard-400x200.jpg)
PoC RCE exploit for SMBGhost Windows flaw released
A security researcher has published a PoC RCE exploit for SMBGhost (CVE-2020-0796), a wormable flaw that affects SMBv3 on Windows 10 and some Windows Server versions. The PoC …
![printer](https://img.helpnetsecurity.com/wp-content/uploads/2020/05/14114130/printer-windows-400x200.jpg)
Fear the PrintDemon? Upgrade Windows to patch easily exploited flaw
Among the vulnerabilities patched by Microsoft on May 2020 Patch Tuesday is CVE-2020-1048, a “lowly” privilege escalation vulnerability in the Windows Print …
![Cisco IP Phone](https://img.helpnetsecurity.com/wp-content/uploads/2020/04/16120846/cisco_ip_phone-400x200.jpg)
Using Cisco IP phones? Fix these critical vulnerabilities
Cisco has released another batch of fixes for a number of its products. Among the vulnerabilities fixed are critical flaws affecting a variety of Cisco IP phones and Cisco UCS …
![Patch](https://img.helpnetsecurity.com/wp-content/uploads/2018/04/09101437/patch-400x200.jpg)
Microsoft releases patch for leaked SMBv3 RCE flaw
After the inadvertent leaking of details about a wormable Windows SMBv3 RCE flaw (CVE-2020-0796) on Tuesday, Microsoft has rushed to release a patch (i.e., security updates). …
![Chrome](https://img.helpnetsecurity.com/wp-content/uploads/2016/08/09110806/chrome-400x200.jpg)
Google fixes another Chrome zero-day exploited in the wild
For the third time in a year, Google has fixed a Chrome zero-day (CVE-2020-6418) that is being actively exploited by attackers in the wild. About CVE-2020-6418 No details have …
![tunnel](https://img.helpnetsecurity.com/wp-content/uploads/2018/06/09100728/tunnel-400x200.jpg)
A new RCE in OpenSMTPD’s default install, patch available
Less than a month after the patching of a critical RCE flaw in OpenSMTPD, OpenBSD’s mail server, comes another call to upgrade to the latest version, as two additional …