Category vulnerabilities

Severe Security Vulnerabilities Discovered in Honeywell Experion DCS and QuickBlox Services

Recent security analyses have uncovered critical vulnerabilities within several platforms, notably the Honeywell Experion Distributed Control System (DCS) and QuickBlox, both of which pose substantial risks if exploited. The identified flaws have raised alarms for stakeholders, given the potential for severe system compromises. The vulnerabilities, collectively known as Crit.IX, encompass…


Cybercriminals Target WooCommerce Payments Plugin Vulnerability to Take Over Websites

Recent intelligence has identified that malicious actors are actively exploiting a severe security vulnerability in the WooCommerce Payments WordPress plugin. This flaw is part of a large-scale, targeted campaign that threatens numerous websites reliant on the plugin. The vulnerability, identified as CVE-2023-28121 with a CVSS score of 9.8, is classified…


Uncover the Truth: Exploring the Depths of the Cybercriminal Underground Beyond the Headlines

Each month, Cybersixgill’s threat experts provide insights into the latest tactics, techniques, and procedures employed by cybercriminals. Their reports shed light on emerging threats from the underground, detailing the actors involved and offering guidance on risk mitigation strategies. Regular updates on vulnerabilities, ransomware, and malware trends from the deep and…


New P2PInfect Worm Affects Redis Servers on Linux and Windows Platforms

Cybersecurity experts have identified a new peer-to-peer (P2P) worm named P2PInfect, which specifically targets vulnerable Redis installations for subsequent exploitation. Unlike many previous threats, P2PInfect can compromise Redis servers operating on both Linux and Windows platforms, making it a particularly formidable threat, as noted by researchers from Palo Alto Networks’…


Apache OpenMeetings Web Conferencing Tool Subject to Serious Vulnerabilities

Apache OpenMeetings Faces Critical Security Vulnerabilities

Recent security findings have exposed multiple vulnerabilities in Apache OpenMeetings, a widely used web conferencing solution. These weaknesses could be exploited by malicious actors to potentially take control of administrative accounts and execute harmful code on compromised servers. The implications of these vulnerabilities could…


Critical Vulnerabilities in AMI MegaRAC BMC Software Leave Servers Open to Remote Attacks

Recent disclosures have unveiled two significant security vulnerabilities within AMI MegaRAC Baseboard Management Controller (BMC) software, potentially enabling threat actors to remotely seize control of vulnerable servers and introduce malware. The identified vulnerabilities range in severity from High to Critical and include risks such as unauthenticated remote code execution and…


Citrix NetScaler ADC and Gateway Devices Targeted: CISA Calls for Urgent Response

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding an alarming vulnerability in Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices. This security flaw, which could lead to severe exploitation, enables threat actors to deploy web shells on affected systems. CISA disclosed that in…


Zyxel Devices Compromised by DDoS Botnets for Massive Attacks

In recent developments, several botnets exploiting a critical vulnerability in Zyxel networking devices have been identified. This particular flaw, discovered in April 2023, enables attackers to gain remote access to affected systems, heightening cybersecurity concerns across multiple regions, including Central and North America, along with parts of East and South…


Critical Zero-Day Vulnerabilities in Atera Windows Installers Put Users at Risk of Privilege Escalation Attacks

Recent findings from cybersecurity firm Mandiant reveal significant zero-day vulnerabilities in Windows Installers associated with Atera’s remote monitoring and management software. These vulnerabilities could potentially be exploited to initiate privilege escalation attacks against affected systems. Identified on February 28, 2023, these vulnerabilities have been allocated the identifiers CVE-2023-26077 and CVE-2023-26078.…
