Cisco has issued critical security patches addressing several vulnerabilities, including one particularly severe flaw, potentially allowing threat actors to gain unauthorized control of affected systems or precipitate denial-of-service (DoS) conditions. The most critical vulnerability identified as CVE-2023-20238 has received a maximum CVSS severity rating of 10.0, relating to an authentication…
Apple Issues Urgent Security Patches for Exploited Zero-Day Vulnerabilities On Thursday, Apple announced the immediate release of emergency security updates for iOS, iPadOS, macOS, and watchOS to rectify two critical zero-day vulnerabilities. These flaws had already been leveraged in attacks to deploy the notorious Pegasus spyware developed by the NSO…
New Vulnerability Exposes Thousands of GitHub Repositories to Repojacking Attacks A recently disclosed vulnerability in GitHub has raised concerns about the security of thousands of repositories, putting them at risk for repojacking attacks. According to findings from Checkmarx security researcher Elad Rapoport, this flaw allows attackers to exploit a race…
On Tuesday, Mozilla released urgent security updates addressing a critical zero-day vulnerability affecting both Firefox and Thunderbird, identified as CVE-2023-4863. This flaw has been actively exploited in the wild, prompting the need for immediate remediation. The vulnerability pertains to a heap buffer overflow in the WebP image format, which could…
Adobe has issued a critical security patch as part of its September 2023 Patch Tuesday update, addressing a severe vulnerability in Acrobat and Reader software. The flaw, identified as CVE-2023-26369, poses a substantial risk by allowing attackers to execute malicious code on vulnerable systems, specifically those running on Windows and…
Microsoft has issued an update addressing 59 vulnerabilities across its suite of products, including two critical zero-day vulnerabilities that have already been exploited by malicious actors. This release highlights the ongoing threat landscape, with the tech giant emphasizing the risks posed by active exploitation of these flaws. Among the 59…
In a significant cybersecurity concern, a high-severity vulnerability has been revealed in N-Able’s Take Control Agent, a product utilized for remote management. This flaw, identified as CVE-2023-27470 and assigned a CVSS score of 8.8, could be exploited by local unprivileged attackers to escalate privileges to SYSTEM level, potentially compromising system…
Recent investigations have uncovered a series of memory corruption vulnerabilities within the ncurses library, which is instrumental for managing terminal displays on Unix-like operating systems, including Linux and macOS. These vulnerabilities, if exploited, could allow malicious actors to execute harmful code on susceptible systems, heightening the risk for organizations utilizing…
Trend Micro Issues Critical Patches for Exploited Flaw in Apex One and Worry-Free Solutions Cybersecurity firm Trend Micro has issued urgent patches to rectify a serious security vulnerability affecting its Apex One and Worry-Free Business Security solutions for Windows. This vulnerability, identified as CVE-2023-41179, has been linked to a third-party…
