CVE-2023-40044, CVE-2023-42657: Progress Software Patches Multiple Vulnerabilities in WS_FTP Server
October 2, 2023Progress Software patches multiple flaws in its WS_FTP Server product, including a pair of critical flaws, one with a maximum CVSS rating of 10
CVE-2023-41064, CVE-2023-4863, CVE-2023-5129: Frequently Asked Questions for ImageIO and WebP/libwebp Zero-Day Vulnerabilities
September 27, 2023Frequently asked questions relating to vulnerabilities in Apple, Google and the open source libwebp library.
CVE-2023-29357, CVE-2023-24955: Exploit Chain Released for Microsoft SharePoint Server Vulnerabilities
September 27, 2023A proof-of-concept exploit chain has been released for two vulnerabilities in Microsoft SharePoint Server that can be exploited to achieve unauthenticated remote code execution. Update Octobe...
Microsoft’s September 2023 Patch Tuesday Addresses 61 CVEs (CVE-2023-36761)
September 12, 2023Microsoft addresses 61 CVEs including two vulnerabilities that were exploited in the wild
CVE-2023-20269: Zero-Day Vulnerability in Cisco Adaptive Security Appliance and Firepower Threat Defense Reportedly Exploited by Ransomware Groups
September 11, 2023Ransomware groups including LockBit and Akira are reportedly exploiting a zero-day vulnerability in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) appliances with VPN functionality enabled.
AA23-250A: Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
September 7, 2023AA23-250A: Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475 A joint Cybersecurity Advisory examines the exploitation of two critical vulnerabilities by nation-state...
CVE-2023-2868: Barracuda and FBI Recommend Replacing Email Security Gateway (ESG) Devices Immediately
August 30, 2023CVE-2023-2868: Barracuda and FBI Recommend Replacing Email Security Gateway (ESG) Devices Immediately Since October 2022, attackers have been exploiting a zero-day vulnerability in Barracuda Em...
CVE-2023-38035: Ivanti Sentry API Authentication Bypass Zero-Day Exploited in the Wild
August 22, 2023For the third time in a month, Ivanti discloses a zero-day vulnerability in one of its products that has been exploited in the wild
Microsoft’s August 2023 Patch Tuesday Addresses 73 CVEs (CVE-2023-38180)
August 8, 2023Microsoft addresses 73 CVEs, including one vulnerability exploited in the wild.
AA23-215A: 2022's Top Routinely Exploited Vulnerabilities
August 3, 2023AA23-215A: 2022's Top Routinely Exploited Vulnerabilities A joint Cybersecurity Advisory collaborated on by multiple international agencies highlights the top routinely exploited vulnerabilitie...
CVE-2023-35078: Ivanti Endpoint Manager Mobile (EPMM) / MobileIron Core Unauthenticated API Access Vulnerability
July 25, 2023Critical vulnerability in a popular mobile device management solution from Ivanti has been exploited in the wild in limited attacks
Oracle July 2023 Critical Patch Update Addresses 183 CVEs
July 19, 2023Oracle July 2023 Critical Patch Update Addresses 183 CVEs Oracle addresses 183 CVEs in its third quarterly update of 2023 with 508 patches, including 76 critical updates. Background On Ju...