Progress Software patches multiple flaws in its WS_FTP Server product, including a pair of critical flaws, one with a maximum CVSS rating of 10
CVE-2023-41064, CVE-2023-4863, CVE-2023-5129: Frequently Asked Questions for ImageIO and WebP/libwebp Zero-Day VulnerabilitiesSeptember 27, 2023
Frequently asked questions relating to vulnerabilities in Apple, Google and the open source libwebp library.
CVE-2023-29357, CVE-2023-24955: Exploit Chain Released for Microsoft SharePoint Server VulnerabilitiesSeptember 27, 2023
A proof-of-concept exploit chain has been released for two vulnerabilities in Microsoft SharePoint Server that can be exploited to achieve unauthenticated remote code execution.
Microsoft addresses 61 CVEs including two vulnerabilities that were exploited in the wild
CVE-2023-20269: Zero-Day Vulnerability in Cisco Adaptive Security Appliance and Firepower Threat Defense Reportedly Exploited by Ransomware GroupsSeptember 11, 2023
Ransomware groups including LockBit and Akira are reportedly exploiting a zero-day vulnerability in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) appliances with VPN functionality enabled.
A joint Cybersecurity Advisory examines the exploitation of two critical vulnerabilities by nation-state threat actors.
CVE-2023-2868: Barracuda and FBI Recommend Replacing Email Security Gateway (ESG) Devices ImmediatelyAugust 30, 2023
Since October 2022, attackers have been exploiting a zero-day vulnerability in Barracuda Email Security Gateway devices, and both the vendor and the FBI urge customers to replace these devices immediately.
For the third time in a month, Ivanti discloses a zero-day vulnerability in one of its products that has been exploited in the wild
Microsoft addresses 73 CVEs, including one vulnerability exploited in the wild.
A joint Cybersecurity Advisory collaborated on by multiple international agencies highlights the top routinely exploited vulnerabilities of 2022.
CVE-2023-35078: Ivanti Endpoint Manager Mobile (EPMM) / MobileIron Core Unauthenticated API Access VulnerabilityJuly 25, 2023
Critical vulnerability in a popular mobile device management solution from Ivanti has been exploited in the wild in limited attacks
Oracle addresses 183 CVEs in its third quarterly update of 2023 with 508 patches, including 76 critical updates.