vulnerability
Russian hackers target unpatched JetBrains TeamCity servers
Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish …
Attackers are trying to exploit Apache Struts vulnerability (CVE-2023-50164)
Attackers are trying to leverage public proof-of-exploit (PoC) exploit code for CVE-2023-50164, the recently patched path traversal vulnerability in Apache Struts 2. …
Lazarus exploit Log4Shell vulnerability to deliver novel RAT malware
North Korea-backed group Lazarus has been spotted exploiting the Log4Shell vulnerability (CVE-2021-44228) and novel malware written in DLang (i.e., the memory-safe D …
New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164)
The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code …
Atlassian fixes four critical RCE vulnerabilities, patch quickly!
Atlassian has released security updates for four critical vulnerabilities (CVE-2023-1471, CVE-2023-22522, CVE-2023-22524, CVE-2023-22523) in its various offerings that could …
CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360)
Unknown attackers have leveraged a critical vulnerability (CVE-2023-26360) in the Adobe ColdFusion application development platform to access government servers, the …
21 high-risk vulnerabilities in OT/IoT routers found
Forescout detailed the discovery of 21 new vulnerabilities in OT/IoT routers and open-source software elements. The “SIERRA:21 – Living on the Edge” report features research …
Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397)
Russian state-backed hacking group Forest Blizzard (aka Fancy Bear, aka APT28) has been using a known Microsoft Outlook vulnerability (CVE-2023-23397) to target public and …
Qlik Sense flaws exploited in Cactus ransomware campaign
Attackers are exploiting three critical vulnerabilities in internet-facing Qlik Sense instances to deliver Cactus ransomware to target organizations, Arctic Wolf researchers …
Critical Zyxel NAS vulnerabilities patched, update quickly!
Zyxel has patched six vulnerabilities affecting its network attached storage (NAS) devices, including several (OS) command injection flaws that can be easily exploited by …
PoCs for critical Arcserve UDP vulnerabilities released
Arcserve has fixed critical security vulnerabilities (CVE-2023-41998, CVE-2023-41999, CVE-2023-42000) in its Unified Data Protection (UDP) solution, PoCs for which have been …
Google fixes Chrome zero day exploited in the wild (CVE-2023-6345)
Google has released an urgent security update to fix a number of vulnerabilities in Chrome browser, including a zero-day vulnerability (CVE-2023-6345) that is being actively …
Featured news
Resources
Don't miss
- CISOs, are your medical devices secure? Attackers are watching closely
- Cybersecurity classics: 10 books that shaped the industry
- NIST selects HQC as backup algorithm for post-quantum encryption
- NetBird: Open-source network security
- Burnout in cybersecurity: How CISOs can protect their teams (and themselves)