A critical privilege escalation vulnerability in MikroTik RouterOS could allow remote attackers to execute arbitrary code, giving them complete control of vulnerable devices. This flaw, designated as CVE-2023-30799, carries a CVSS score of 9.1, indicating its severity. It is estimated that between 500,000 and 900,000 RouterOS systems might be exploited…
Ivanti has announced a significant security vulnerability affecting its Endpoint Manager Mobile (EPMM), previously known as MobileIron Core. This flaw, referred to as CVE-2023-35081 and rated with a CVSS score of 7.8, has reportedly been leveraged in real-world exploit chains by threat actors. The vulnerability affects several supported versions of…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently revealed critical details regarding a sophisticated backdoor malicious software identified as SUBMARINE. This malware has reportedly been employed by threat actors in connection with an exploit targeting Barracuda Email Security Gateway (ESG) appliances, which has raised alarms within the cybersecurity landscape.…
Recent security vulnerabilities have been identified within the Ninja Forms plugin for WordPress, allowing potential exploitation by malicious actors to escalate their privileges and access sensitive information. These vulnerabilities, cataloged as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393, affect versions 3.6.25 and earlier. According to a report from Patchstack, the plugin is utilized…
Recent intelligence reports have revealed that advanced persistent threat (APT) actors have been actively exploiting a critical vulnerability in the Ivanti Endpoint Manager Mobile (EPMM) since at least April 2023. These attacks have specifically targeted entities in Norway, including governmental networks, prompting urgent advisories from cybersecurity authorities. This information was…
A sophisticated phishing campaign targeting Facebook users has been detected, exploiting a critical zero-day vulnerability within Salesforce’s email services. This exploit enables malicious actors to craft highly tailored phishing messages utilizing Salesforce’s domain and infrastructure, significantly increasing the chances of success. Researchers at Guardio Labs, Oleg Zaytsev and Nati Tal,…
Recent reports indicate that numerous Citrix NetScaler ADC and Gateway servers have suffered breaches orchestrated by cybercriminals deploying web shells. This information comes from the Shadowserver Foundation, which highlights a worrying trend in cybersecurity threats. The attacks exploit CVE-2023-3519, a severe code injection vulnerability that can facilitate unauthenticated remote code…
Microsoft Addresses Security Flaw in Power Platform Amid Criticism for Delayed Response On Friday, Microsoft announced it has remedied a significant security vulnerability affecting its Power Platform, although it faced backlash for not acting more swiftly. This flaw posed a risk of unauthorized access to Custom Code functions utilized in…
In its August 2023 Patch Tuesday updates, Microsoft has addressed a total of 74 vulnerabilities across its software suite, a significant decrease from the 132 vulnerabilities patched in the previous month. Among these, there are six classified as Critical, 67 as Important, and one as Moderate in severity. The latest…
