ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708)
ConnectWise released a major advisory on February 19, 2024, addressing two extremely serious vulnerabilities affecting ScreenConnect versions 23.9.7 and earlier: […]
CVE-2024-22245: VMware Requests EAP Uninstall ASAP
This week, VMware published a security advisory addressing two vulnerabilities detected in the VMware Enhanced Authentication Plug-in (EAP): one recorded […]
CVE-2024-21413: Critical MonikerLink Vulnerability in Outlook
An intriguing vulnerability in how Outlook handles particular hyperlinks has been found, and threat actors have been known to use […]
CVE-2024-21762: Critical Fortinet FortiOS Vulnerability
Background Two serious FortiOS vulnerabilities were discovered by Fortinet’s FortiGuard on February 8, 2024. Unauthenticated threat actors may be able […]
CVE-2024-21893: New Ivanti Zero-Day Vulnerability Actively Exploited
Employees, partners, and clients may access business data and apps securely and under control with the help of Ivanti Connect […]
CVE-2024-21591: Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches
Junos OS simplifies and fine-tunes network operations, increasing operational efficiency and vital time and resources for top-line growth. Many of […]
CVE-2024-20272: Cisco Unity Connection Unauthenticated Arbitrary File Upload Vulnerability
Cisco recently resolved a significant security vulnerability in the Unity Connection. Unity Connection is a fully virtualized messaging and voicemail […]
CVE-2023-39336: SQL Injection Vulnerability in Ivanti Endpoint Manager
Ivanti Endpoint Manager is an all-in-one endpoint management solution. It provides a unified solution for managing user profiles and all […]
CVE-2023-7028: A Critical Vulnerability Affecting GitLab
GitLab is a web-based DevOps lifecycle solution developed by GitLab Inc. that provides unparalleled visibility and productivity throughout the whole […]
CVE-2023-50164: Apache Struts Path Traversal Vulnerability
Threat actors began attempting to exploit CVE-2023-50164, a critical-severity remote code execution (RCE) vulnerability affecting Apache Struts, an open-source framework […]
Enterprise Applications are at Risk from Serious Atlassian Vulnerabilities
Threat actors have historically targeted Atlassian vulnerabilities in products affected by the four vulnerabilities described below to achieve goals such […]
Critical Vulnerability Patched in SAP Business One Product
SAP, a well-known commercial software provider, has disclosed three new vulnerabilities in its Security Patch Day release for November 2023. […]
Exploitation of Apache ActiveMQ Vulnerability CVE-2023-46604
Rapid7 Managed Detection and Response (MDR) found potential exploitation of Apache ActiveMQ CVE-2023-46604 in two distinct customer scenarios on Friday, […]
CVE-2023-46747: Critical Authentication Bypass Vulnerability in F5 BIG-IP
BIG-IP, a comprehensive portfolio of hardware platforms and software solutions from F5 Networks, focuses on security, dependability, and performance. These […]
North Korean Attacks Exploiting JetBrains TeamCity Vulnerability
More than 30,000 clients worldwide use JetBrains’ TeamCity continuous integration and continuous deployment (CI/CD) server. Background: The program can be […]
CVE-2023-34039: Critical Authentication Bypass Vulnerability in VMware Aria Operations for Networks
The VMware Aria management and monitoring package provides full-scope operations management, IT automation, log management, analytics creation, network visibility, and […]
Lazarus Exploits a Zoho ManageEngine Vulnerability to Distribute QuiteRAT and CollectionRAT
A recently fixed vulnerability (CVE-2022-47966) affecting Zoho ManageEngine ServiceDesk Plus has been used by Lazarus, a North Korean state-sponsored APT […]
Cuba Ransomware Group Targets Critical Systems by Using Veeam Vulnerability
Using a mix of outdated and modern techniques, the Cuba ransomware group has been seen launching attacks against American critical […]
Alert Advisory: Citrix ADC Gateway RCE – CVE-2023-3519
In this blog post, we will explore the details of Citrix ADC vulnerability, its potential consequences, and the importance of […]
Rise in ICS Vulnerabilities
Due to concerns about interoperability, high uptime requirements, and occasionally the age of devices, patching vulnerabilities in industrial contexts has […]
ManageEngine RCE Vulnerability (CVE-2022-47966)
A remote code execution vulnerability (CVE-2022-47966) impacting a number of Zoho ManageEngine on-premise products with SAML SSO enabled has been […]
OWASSRF Exploit – Targeting Arbitrary Code Execution on Microsoft Exchange OWA
Two zero-day vulnerabilities in Microsoft Exchange were reportedly being actively exploited on September 29, 2022, with the potential to lead […]