vulnerability
GitLab fixes critical vulnerability, patch now! (CVE-2023-5009)
GitLab has fixed a critical vulnerability (CVE-2023-5009) in the Enterprise Edition (EE) and Community Edition (CE) of its widely used DevOps platform. The flaw may allow a …
Fake WinRAR PoC spread VenomRAT malware
An unknown threat actor has released a fake proof of concept (PoC) exploit for CVE-2023-4047, a recently fixed remote code execution (RCE) vulnerability in WinRAR, to spread …
Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179)
Trend Micro has fixed a critical zero-day vulnerability (CVE-2023-41179) in several of its endpoint security products for enterprises that has been spotted being exploited in …
Kubernetes vulnerability allows RCE on Windows endpoints (CVE-2023-3676)
Three high-severity Kubernetes vulnerabilities (CVE-2023-3676, CVE-2023-3893, CVE-2023-3955) could allow attackers to execute code remotely and gain control over all Windows …
Chrome zero-day exploited in the wild, patch now! (CVE-2023-4863)
Google has rolled out a security update for a critical Chrome zero-day vulnerability (CVE-2023-4863) exploited in the wild. About the vulnerability (CVE-2023-4863) …
The blueprint for a highly effective EASM solution
In this Help Net Security interview, Adrien Petit, CEO at Uncovery, discusses the benefits that organizations can derive from implementing external attack surface management …
Email forwarding flaws enable attackers to impersonate high-profile domains
Sending an email with a forged address is easier than previously thought, due to flaws in the process that allows email forwarding, according to a research team led by …
Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269)
A vulnerability (CVE-2023-20269) in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls is being exploited by attackers to gain access …
Old vulnerabilities are still a big problem
A recently flagged phishing campaign aimed at delivering the Agent Tesla RAT to unsuspecting users takes advantage of old vulnerabilities in Microsoft Office that allow remote …
Atlas VPN zero-day allows sites to discover users’ IP address
Atlas VPN has confirmed the existence of a zero-day vulnerability that may allow website owners to discover Linux users’ real IP address. Details about this zero-day …
VMware fixes critical vulnerability in Aria Operations for Networks (CVE-2023-34039)
VMware has patched one critical (CVE-2023-34039) and one high-severity vulnerability (CVE-2023-20890) in Aria Operations for Networks, its popular enterprise network …
Ransomware group exploits Citrix NetScaler systems for initial access
A known threat actor specializing in ransomware attacks is believed to be behind a recent campaign that targeted unpatched internet-facing Citrix NetScaler systems to serve as …
Featured news
Resources
Don't miss
- Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812)
- Where policy meets profit: Navigating the new frontier of defense tech startups
- Four arrested in connection with M&S, Co-op ransomware attacks
- Ruckus network management solutions riddled with unpatched vulnerabilities
- What EU’s PQC roadmap means on the ground