A new cyber incident has emerged involving an unknown threat actor exploiting a vulnerability in Fortinet’s FortiOS software. The attack has resulted in significant data loss and corruption of operating systems and files, primarily targeting government entities and large organizations. Fortinet researchers Guillaume Lovet and Alex Kong, in an advisory…
In its March 2023 Patch Tuesday update, Microsoft disclosed fixes for 80 security vulnerabilities, two of which have been actively exploited in the wild. These vulnerabilities target critical components within the Microsoft ecosystem, with eight categorized as Critical, 71 as Important, and one as Moderate in severity. This update continues…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a significant security flaw within Adobe ColdFusion, listing it in its Known Exploited Vulnerabilities (KEV) catalog as of March 15. The inclusion follows evidence of active exploitation targeting the critical vulnerability, recorded as CVE-2023-26360, which bears a CVSS score of…
In 2022, a total of 55 zero-day vulnerabilities were actively exploited in the wild, primarily affecting software developed by major tech companies including Microsoft, Google, and Apple. This figure shows a decrease from the previous year’s alarming count of 81 zero-day exploits, yet it highlights an ongoing trend where threat…
Critical Vulnerability Discovered in WooCommerce Payments Plugin A severe security vulnerability has been identified in the WooCommerce Payments plugin utilized by over 500,000 WordPress websites. This flaw poses a significant risk, enabling unauthorized actors to gain admin access to affected online stores, as noted in a security advisory issued on…
Microsoft recently released important guidance for its users following the discovery of a significant vulnerability in Outlook, designated as CVE-2023-23397, which carries a high CVSS score of 9.8. This critical flaw primarily involves privilege escalation, enabling attackers to exploit it for the theft of NT LAN Manager (NTLM) hashes, potentially…
Recent investigations by Google’s Threat Analysis Group (TAG) have uncovered the exploitation of several zero-day vulnerabilities last year, employed by commercial spyware vendors to target mobile devices on both Android and iOS platforms. These two separate yet focused campaigns exploited the vulnerability gap that occurs between the announcement of fixes…
Recent developments have spotlighted a security vulnerability in the Elementor Pro plugin, a popular tool for building websites on the WordPress platform. Threat actors are currently exploiting a newly-disclosed weakness that was patched in version 3.11.7, which was released on March 22, 2023. The vulnerability, categorized as a case of…
Cyber Threat Actors Exploit Critical Vulnerabilities in Cacti, Realtek, and IBM Aspera Faspex Recent cyberattacks have exposed critical security vulnerabilities in multiple systems, notably Cacti, Realtek, and IBM Aspera Faspex, amid ongoing exploitation by various threat actors targeting unpatched installations. This surge in activity highlights the pressing need for organizations…