The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included a newly patched vulnerability affecting Microsoft’s .NET and Visual Studio products in its Known Exploited Vulnerabilities (KEV) catalog. This decision comes in response to evidence indicating that the flaw is actively being exploited in the wild. This vulnerability, tracked…
A recent disclosure has revealed a series of 16 high-severity security vulnerabilities in the CODESYS V3 software development kit (SDK). This suite of flaws could potentially lead to remote code execution and denial-of-service conditions, thereby posing significant risks to operational technology (OT) sectors. The vulnerabilities, tracked from CVE-2022-47378 to CVE-2022-47393…
A significant security vulnerability has been revealed in the URL parsing function of Python, posing a serious risk where attackers could exploit it to circumvent domain and protocol filtering mechanisms that rely on blocklists. This could lead to unauthorized file readings and arbitrary command executions. The CERT Coordination Center (CERT/CC)…
Recent reports indicate that almost 2,000 Citrix NetScaler instances have been compromised through the exploitation of a newly disclosed critical security vulnerability. This backdoor attack forms part of an extensive exploitation campaign targeting these widely used servers. The NCC Group has identified that adversaries leveraged CVE-2023-3519 to automate the deployment…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has listed a significant security vulnerability in the Citrix ShareFile storage zones controller in its Known Exploited Vulnerabilities (KEV) catalog, following credible assessments of active exploitation in the wild. This vulnerability, designated as CVE-2023-24489, holds a critical CVSS score of 9.8 and…
Recent findings from cybersecurity researchers have unveiled a sophisticated post-exploit technique on iOS 16 that could allow attackers to maintain covert access to Apple devices, even when users believe their devices are disconnected. This method leverages a deceptive form of Airplane Mode, manipulating the user interface to mislead victims while…
A new attack method termed NoFilter has emerged, leveraging the Windows Filtering Platform (WFP) for privilege escalation in the Windows operating system. This previously undetected approach poses significant risks as it could be exploited by threat actors to gain higher-level access without detection. Ron Ben Yizhak, a security researcher with…
Juniper Networks, a prominent player in networking hardware, has issued an urgent security update addressing multiple vulnerabilities within the J-Web component of Junos OS. These flaws have the potential to enable remote code execution on affected systems, raising significant concerns for users of the software. This “out-of-cycle” update highlights the…
A critical security vulnerability has been identified in the WinRAR software, posing a significant risk of remote code execution on Windows systems. This flaw, designated as CVE-2023-40477, has received a CVSS score of 7.8, indicating a high severity level. The vulnerability stems from improper validation during the processing of recovery…
