On March 15 2023, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security vulnerability affecting Adobe ColdFusion to its Known Exploited Vulnerabilities catalog, based on evidence of active exploitation. This vulnerability, labeled CVE-2023-26360 (CVSS score: 8.6), is classified…
Unknown threat actors have exploited a security flaw in Fortinet’s FortiOS software to gain access to data, cause OS and file corruption, and potentially lead to other malicious activities. The vulnerability, CVE-2022-41328, is a path traversal bug with a CVSS…
Fortinet has identified and fixed 15 security flaws, one of which a critical vulnerability located in FortiOS and FortiProxy. CVE-2023-25610 Technical Overview The vulnerability, identified as CVE-2023-25610, has a severity rating of 9.3 out of 10 on the CVSS scale,…
CVE-2022-36537 is a highly severe vulnerability in the ZK Framework, that CISA (Cybersecurity and Infrastructure Security Agency) just added to its exploit catalogue. Apparently, the vulnerability has been leveraged in the wild in attacks which can lead to retrieving sensitive…
The second Patch Tuesday for 2023 has just rolled out, fixing a total of 75 loopholes across various Microsoft products. Three zero-days were fixed, as well as a critical RCE bug in Microsoft Word which could easily be exploited by…
If you’re an Apple user with various devices, you should pay close attention to the latest updates the company just released. More specifically, security updates for macOS, iOS, iPadOS, and Safari were rolled out to fix a zero-day that has…
OpenSSH contains several new security vulnerabilities, one of which is the critical CVE-2023-25136. The flaw is a pre-authentication double free issue which was introduced in OpenSSH version 9.1. The vulnerability has been addressed in OpenSSH 9.2. The other good news…
CVE-2021-35394 is a critical, remote code execution security vulnerability that affects Realtek Jungle SDK. Rated 9.8 on the CVSS 3.x Severity and Metrics scale, the vulnerability has been weaponized by attackers in ongoing malicious campaigns which were initiated in August…
VMware vRealize Log is vulnerable to several critical security vulnerabilities (CVE-2022-31706, CVE-2022-31704, CVE-2022-31710, CVE-2022-31711). The vulnerabilities were privately reported to the company. Both updates and workarounds are already available to fix the issues. CVE-2022-31706 CVE-2022-31706 is a directory traversal vulnerability.…
The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98 security flaws, many of which are rated as critical, and one is actively exploited in the wild. More specifically, 11 of the vulnerabilities have…
CVE-2022-23529 is a new security vulnerability in the JSONWebToken open source project. The issue was discovered by Unit 42 researchers, and has been rated 7.6 on the CVSS scale (high severity). What Is the JSONWebToken Open Source Project? JSONWebToken is…
CVE-2022-39947 is a new, high severity security vulnerability in FortiADC product – an advanced application and database delivery controller from Fortinet. The vulnerability is a command injection issue in the product’s web interface, and has been rated 8.6 out of…
Cisco Talos researchers recently discovered a critical vulnerability in Ghost CMS, a popular open source content management and newsletter subscription system, designated as CVE-2022-41654. The vulnerability has the potential to allow external users (newsletter subscribers) to create newsletters and add…
The Zerobot botnet is making the headlines once again in a new campaign exploiting a range of security vulnerabilities. The malware spreads primarily through Internet of Things (IoT) and web application vulnerabilities, presenting a serious risk to organizations. Zerobot: What…
A new dangerous vulnerability has been discovered in macOS. The vulnerability, tracked as CVE-2022-42821, could allow a malicious actor to gain full control of a macOS system. CVE-2022-42821: What Is Known So Far? Microsoft recently discovered a major security vulnerability…
Security researchers have identified four critical vulnerabilities in Samba, a popular open-source file sharing program. New Severe Vulnerabilities in Samba Allow RCE, Most Severe of Which Is CVE-2022-38023 The vulnerabilities, identified as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, could allow an…
According to cybersecurity reports, a new variant of the recently emerged Agenda ransomware has surfaced, written in the Rust programming language and specifically designed to target critical infrastructure. This new Agenda variant is concerning to security experts because of its…
Another Microsoft Patch Tuesday has rolled out, fixing a total of 49 vulnerabilities. In terms of severity and impact, six of these vulnerabilities are critical, 40 important, and the rest – moderate. Microsoft December 2022 Patch Tuesday: Affected Products So,…
CVE-2022-27518 is a newly detected Citrix vulnerability, currently exploited in attacks. The zero-day is located in Citrix ADC and Gateway, and could allow an unauthenticated remote threat actor to take over an exposed device. What Is Known about CVE-2022-27518? According…
CVE-2022-42475 is a newly reported zero-day and a highly severe vulnerability in FortiOS that could trigger remote code execution. The vulnerability has been exploited in the wild, and affected organizations should apply the patch immediately. CVE-2022-42475: What Is Known So…
