0-day

Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081)

0-day, Don't miss, endpoint management, enterprise, Hot stuff, Ivanti, Mnemonic, MobileIron, News, security update, vulnerability /

Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081) 31/07/2023 at 16:32 By Helga Labus Another actively exploited zero-day vulnerability (CVE-2023-35081) affecting Ivanti Endpoint Manager Mobile (EPMM) has been identified and fixed. The first zero-day spotted Last week, we reported on a remote unauthenticated API access vulnerability (CVE-2023-35078) affecting Ivanti EPMM having been exploited to target […]

React to this headline:

Loading spinner

Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081) Read More »

Ivanti zero-day exploited to target Norwegian government (CVE-2023-35078)

0-day, data theft, Don't miss, endpoint management, enterprise, Government, Hot stuff, Ivanti, MobileIron, News, Norway, security update /

Ivanti zero-day exploited to target Norwegian government (CVE-2023-35078) 25/07/2023 at 13:37 By Zeljka Zorz A zero-day vulnerability (CVE-2023-35078) affecting Ivanti Endpoint Manager Mobile (EPMM) has been exploited to carry out an attack that affected 12 Norwegian ministries, the Norwegian National Security Authority (NSM) has confirmed on Tuesday. What is known about the attacks? On Monday,

React to this headline:

Loading spinner

Ivanti zero-day exploited to target Norwegian government (CVE-2023-35078) Read More »

Apple fixes exploited zero-day in all of its OSes (CVE-2023-38606)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, Kaspersky, macOS, News, security update, vulnerability /

Apple fixes exploited zero-day in all of its OSes (CVE-2023-38606) 25/07/2023 at 12:57 By Helga Labus Apple has patched an exploited zero-day kernel vulnerability (CVE-2023-38606) in iOS, iPadOS, macOS, watchOS and tvOS. CVE-2023-38606 fix has been backported In early July, Apple fixed an actively exploited zero-day vulnerability (CVE-2023-37450) in WebKit. The vulnerability has been patched

React to this headline:

Loading spinner

Apple fixes exploited zero-day in all of its OSes (CVE-2023-38606) Read More »

Citrix ADC zero-day exploitatation: CISA releases details about attack on CI organization (CVE-2023-3519)

0-day, CISA, Citrix, critical infrastructure, Don't miss, GreyNoise, Hot stuff, Incident Response, News /

Citrix ADC zero-day exploitatation: CISA releases details about attack on CI organization (CVE-2023-3519) 21/07/2023 at 14:19 By Zeljka Zorz The exploitation of the Citrix NetScaler ADC zero-day vulnerability (CVE-2023-3519) was first spotted by a critical infrastructure organization, who reported it to the Cybersecurity and Infrastructure Security Agency (CISA). “In June 2023, threat actors exploited this

React to this headline:

Loading spinner

Citrix ADC zero-day exploitatation: CISA releases details about attack on CI organization (CVE-2023-3519) Read More »

Citrix NetScaler zero-day exploited in the wild, patch is available (CVE-2023-3519)

0-day, Citrix, Don't miss, Hot stuff, News, security update, vulnerability /

Citrix NetScaler zero-day exploited in the wild, patch is available (CVE-2023-3519) 19/07/2023 at 12:34 By Helga Labus Citrix has patched three vulnerabilities (CVE-2023-3519, CVE-2023-3466, CVE-2023-3467) in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), one of which is a zero-day being exploited by attackers. A zero-day patched (CVE-2023-3519) CVE-2023-3519 is a remote

React to this headline:

Loading spinner

Citrix NetScaler zero-day exploited in the wild, patch is available (CVE-2023-3519) Read More »

Adobe ColdFusion vulnerabilities exploited to deliver web shells (CVE-2023-29298, CVE-2023-38203)

0-day, Adobe, Adobe ColdFusion, Don't miss, exploit, Hot stuff, News, Project Discovery, Rapid7, security update, vulnerability /

Adobe ColdFusion vulnerabilities exploited to deliver web shells (CVE-2023-29298, CVE-2023-38203) 18/07/2023 at 17:17 By Zeljka Zorz Attackers are exploiting two Adobe ColdFusion vulnerabilities (CVE-2023-29298, CVE-2023-38203) to breach servers and install web shells to enable persistent access and allow remote control of the system, according to Rapid7 researchers. Flaws with incomplete fixes On July 11, 2023,

React to this headline:

Loading spinner

Adobe ColdFusion vulnerabilities exploited to deliver web shells (CVE-2023-29298, CVE-2023-38203) Read More »

Critical XSS vulnerability in Zimbra exploited in the wild (CVE-2023-34192)

0-day, Don't miss, Hot stuff, News, open source, security update, Synacor, vulnerability /

Critical XSS vulnerability in Zimbra exploited in the wild (CVE-2023-34192) 17/07/2023 at 14:47 By Helga Labus A critical cross site scripting (XSS) vulnerability (CVE-2023-34192) in popular open source email collaboration suite Zimbra is being exploited by attackers. About the vulnerability (CVE-2023-34192) CVE-2023-34192 could allow a remote authenticated threat actor to execute arbitrary code through a

React to this headline:

Loading spinner

Critical XSS vulnerability in Zimbra exploited in the wild (CVE-2023-34192) Read More »

Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884)

0-day, BlackBerry, Cisco, cyber espionage, cybercrime, Don't miss, drivers, Google, Hot stuff, Microsoft, MS Office, News, Ransomware, rootkits, security update, Tenable, Trend Micro, Volexity, vulnerability, Windows /

Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884) 11/07/2023 at 22:31 By Zeljka Zorz For July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks

React to this headline:

Loading spinner

Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884) Read More »

Apple pushes out emergency fix for actively exploited zero-day (CVE-2023-37450)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, macOS, News, security update /

Apple pushes out emergency fix for actively exploited zero-day (CVE-2023-37450) 11/07/2023 at 13:02 By Zeljka Zorz Apple has patched an actively exploited zero-day vulnerability (CVE-2023-37450) by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems. The vulnerability has also been fixed with a regular security update

React to this headline:

Loading spinner

Apple pushes out emergency fix for actively exploited zero-day (CVE-2023-37450) Read More »

Apple fixes zero-day vulnerabilities used to covertly deliver spyware (CVE-2023-32435)

0-day, apple, Don't miss, Hot stuff, iOS, Kaspersky, macOS, News, security update, spyware /

Apple fixes zero-day vulnerabilities used to covertly deliver spyware (CVE-2023-32435) 22/06/2023 at 13:36 By Zeljka Zorz Apple has released patches for three zero-day vulnerabilities (CVE-2023-32434, CVE-2023-32435, CVE-2023-32439) exploited in the wild. The first two have been reported by Kaspersky researchers Georgy Kucherin, Leonid Bezvershenko and Boris Larin following their discovery of the iOS spyware implant

React to this headline:

Loading spinner

Apple fixes zero-day vulnerabilities used to covertly deliver spyware (CVE-2023-32435) Read More »

Exploited zero-day patched in Chrome (CVE-2023-3079)

0-day, Chrome, Don't miss, Google, Hot stuff, News, security update, vulnerability /

Exploited zero-day patched in Chrome (CVE-2023-3079) 07/06/2023 at 13:07 By Helga Labus Google has fixed a high-severity vulnerability in the Chrome browser (CVE-2023-3079) that is being exploited by attackers. About the vulnerability CVE-2023-3079 is a vulnerability that stems from a type confusion in the V8 JavaScript engine, and has been uncovered by Clément Lecigne of

React to this headline:

Loading spinner

Exploited zero-day patched in Chrome (CVE-2023-3079) Read More »

MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims

0-day, British Airways, cybercrime, data theft, Don't miss, enterprise, extortion, Hot stuff, News, Orange Cyberdefense, Progress, Rapid7, SMBs, supply chain attacks /

MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims 06/06/2023 at 13:50 By Zeljka Zorz The fallout of the MOVEit Transfer hack via CVE-2023-34362 by the Cl0p gang is expanding, as several UK-based companies have now confirmed that some of their data has been stolen. Victimized organizations The confirmed victims so far are

React to this headline:

Loading spinner

MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims Read More »

MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362)

0-day, data theft, Don't miss, enterprise, extortion, file-sharing, Hot stuff, Mandiant, News, Rapid7, vulnerability /

MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362) 05/06/2023 at 15:10 By Zeljka Zorz The zero-day vulnerability attackers have exploited to compromise vulnerable Progress Software’s MOVEit Transfer installations finally has an identification number: CVE-2023-34362. Based on information shared by Mandiant, Rapid7 and other security researchers, the attackers seem to have opportunistically targeted as many

React to this headline:

Loading spinner

MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362) Read More »

MOVEit Transfer zero-day attacks: The latest info

0-day, attack, data theft, Don't miss, enterprise, file-sharing, Hot stuff, Huntress, News, Progress, Rapid7, TrustedSec, vulnerability /

MOVEit Transfer zero-day attacks: The latest info 02/06/2023 at 12:41 By Zeljka Zorz There’s new information about the zero-day vulnerability in Progress Software’s MOVEit Transfer solution exploited by attackers and – more importantly – patches and helpful instructions for customers. The MOVEit Transfer zero-day and updated mitigation and remediation advice Progress Software has updated the

React to this headline:

Loading spinner

MOVEit Transfer zero-day attacks: The latest info Read More »

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers!

0-day, attack, Don't miss, enterprise, file-sharing, Hot stuff, News, Progress, threat, vulnerability /

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers! 01/06/2023 at 18:18 By Zeljka Zorz A critical zero-day vulnerability in Progress Software’s enterprise managed file transfer solution MOVEit Transfer is being exploited by attackers to grab corporate data. “[The vulnerability] could lead to escalated privileges and potential unauthorized access to the environment,” the company warned

React to this headline:

Loading spinner

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers! Read More »

Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868)

0-day, Barracuda Networks, Don't miss, email security, Hot stuff, News, vulnerability /

Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868) 25/05/2023 at 13:07 By Zeljka Zorz A vulnerability (CVE-2023-2868) in Barracuda Networks’ Email Security Gateway (ESG) appliances has been exploited by attackers, the company has warned. About CVE-2023-2868 CVE-2023-2868 is a critical remote command injection vulnerability affecting only physical Barracuda Email Security Gateway appliances, versions 5.1.3.001

React to this headline:

Loading spinner

Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868) Read More »

Apple fixes WebKit 0-days under attack (CVE-2023-28204, CVE-2023-32373, CVE-2023-32409)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, macOS, News, security update /

Apple fixes WebKit 0-days under attack (CVE-2023-28204, CVE-2023-32373, CVE-2023-32409) 19/05/2023 at 14:19 By Zeljka Zorz Apple has released security updates for iOS and iPadOS, macOS, tvOS and watchOS, delivering fixes for many vulnerabilities but, most importantly, for CVE-2023-32409, a WebKit 0-day that “may have been actively exploited.” The notes accompanying the updates also revealed that

React to this headline:

Loading spinner

Apple fixes WebKit 0-days under attack (CVE-2023-28204, CVE-2023-32373, CVE-2023-32409) Read More »

Scroll to Top