New Insights into Cisco Device Breaches: Evolving Threats A backdoor has been found in Cisco devices, implanted by exploiting two critical zero-day vulnerabilities in the IOS XE software. Security researchers from NCC Group’s Fox-IT report that the threat actor has upgraded this implant to evade previous detection methods. Their analysis…
Vulnerability Exploits in VMware and Citrix Raise Security Concerns VMware has issued a warning to its customers regarding a proof-of-concept (PoC) exploit linked to a recently addressed security vulnerability in Aria Operations for Logs. Known as CVE-2023-34051, this high-severity flaw carries a CVSS score of 8.1 and is characterized by…
VMware has issued urgent security updates to rectify a significant vulnerability in its vCenter Server software that poses a risk of remote code execution. This flaw, designated as CVE-2023-34048 and assigned a CVSS score of 9.8, is classified as an out-of-bounds write vulnerability associated with the DCE/RPC protocol. According to…
On October 11, 2023, the threat actor group known as Winter Vivern was detected exploiting a zero-day vulnerability in Roundcube webmail software, allowing them to harvest sensitive email messages from targeted accounts. According to ESET security researcher Matthieu Faou, the group has elevated its offensive by leveraging a newly discovered…
F5 Networks has issued a critical alert regarding a significant vulnerability affecting its BIG-IP software, raising serious concerns among business owners reliant on this technology. The flaw, identified as CVE-2023-46747, enables unauthenticated remote code execution, posing substantial risks to organizations that utilize this system. The vulnerability is traced back to…
Google has announced a significant expansion of its Vulnerability Rewards Program (VRP) to incentivize researchers to identify attack scenarios specifically targeting generative artificial intelligence systems. This initiative is part of a broader effort to enhance safety and security frameworks surrounding AI technologies. According to Google representatives Laurie Richardson and Royal…
Three High-Severity Vulnerabilities Found in NGINX Ingress Controller Recently, cybersecurity experts have reported the discovery of three unpatched, high-severity vulnerabilities in the NGINX Ingress controller for Kubernetes. These flaws pose a significant risk, as they can be exploited by malicious actors to access sensitive credentials stored within the cluster. The…
Atlassian has issued a critical security warning regarding a significant vulnerability in Confluence Data Center and Server, which poses the risk of substantial data loss if exploited by unauthenticated attackers. The vulnerability, identified as CVE-2023-22518, has been assigned a critical rating of 9.1 on the CVSS scale, categorizing it as…
The Forum of Incident Response and Security Teams (FIRST) has introduced CVSS v4.0, revamping the Common Vulnerability Scoring System standard for the first time in over eight years. This latest iteration follows the release of CVSS v3.0 in June 2015 and seeks to enhance precision in vulnerability assessment across various…
