Fortinet has recently revealed a critical vulnerability affecting its FortiOS and FortiProxy platforms, identified as CVE-2023-27997, with a high CVSS score of 9.2. This flaw involves a heap-based buffer overflow in the SSL-VPN feature of these systems and could be exploited by remote attackers to execute arbitrary code through crafted…
Microsoft has recently released critical security updates aimed at addressing significant vulnerabilities in its Windows operating system and associated software. This rollout is part of the scheduled Patch Tuesday updates for June 2023. The update addresses a total of 73 vulnerabilities, categorized by severity as follows: six are marked as…
A critical security vulnerability has been identified within the WooCommerce Stripe Gateway plugin for WordPress, permitting potential unauthorized access to sensitive user information. This flaw, designated as CVE-2023-34000, affects versions up to 7.4.0 and was rectified in version 7.4.1, released on May 30, 2023. The WooCommerce Stripe Gateway plugin, integral…
New Cybersecurity Vulnerability Discovered in MOVEit Transfer Application Progress Software announced on Thursday that a newly identified security vulnerability, tracked as CVE-2023-35708, affects its MOVEit Transfer application. This revelation comes amidst ongoing cyber extortion efforts by the Cl0p ransomware group, targeting various companies utilizing this application. The vulnerability presents an…
Taiwan’s ASUS has announced the release of significant firmware updates aimed at resolving nine identified security vulnerabilities affecting a spectrum of its router models. This announcement, made on Monday, underscores the scale of the potential impact, as the flaws span across popular devices within their product line. Among the identified…
Zyxel Networks has issued security updates to mitigate a critical vulnerability affecting its line of network-attached storage (NAS) devices. This flaw poses a significant security risk, allowing unauthorized users to execute arbitrary commands on the compromised systems. The vulnerability, identified as CVE-2023-27992 with a CVSS score of 9.8, is classified…
Security Flaws Discovered in Wago and Schneider Electric Operational Technology Products Recent findings have revealed three significant security vulnerabilities affecting operational technology (OT) products developed by Wago and Schneider Electric. According to reports from Forescout, these vulnerabilities are part of a more extensive collection of issues known collectively as OT:ICEFALL,…
VMware has announced that a critical command injection vulnerability, designated as CVE-2023-20887, in Aria Operations for Networks (formerly known as vRealize Network Insight), is currently being exploited in the wild. This breach allows attackers with network access to perform command injection attacks, potentially leading to remote code execution. The vulnerability…
A newly identified malware strain, known as Condi, is leveraging a vulnerability found in TP-Link Archer AX21 (AX1800) Wi-Fi routers to integrate these devices into a distributed denial-of-service (DDoS) botnet. This campaign, according to Fortinet’s FortiGuard Labs, has intensified since late May 2023, marking a significant escalation in cyber threats…