The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has listed a significant security vulnerability in the Citrix ShareFile storage zones controller in its Known Exploited Vulnerabilities (KEV) catalog, following credible assessments of active exploitation in the wild. This vulnerability, designated as CVE-2023-24489, holds a critical CVSS score of 9.8 and…
Recent findings from cybersecurity researchers have unveiled a sophisticated post-exploit technique on iOS 16 that could allow attackers to maintain covert access to Apple devices, even when users believe their devices are disconnected. This method leverages a deceptive form of Airplane Mode, manipulating the user interface to mislead victims while…
A new attack method termed NoFilter has emerged, leveraging the Windows Filtering Platform (WFP) for privilege escalation in the Windows operating system. This previously undetected approach poses significant risks as it could be exploited by threat actors to gain higher-level access without detection. Ron Ben Yizhak, a security researcher with…
Juniper Networks, a prominent player in networking hardware, has issued an urgent security update addressing multiple vulnerabilities within the J-Web component of Junos OS. These flaws have the potential to enable remote code execution on affected systems, raising significant concerns for users of the software. This “out-of-cycle” update highlights the…
A critical security vulnerability has been identified in the WinRAR software, posing a significant risk of remote code execution on Windows systems. This flaw, designated as CVE-2023-40477, has received a CVSS score of 7.8, indicating a high severity level. The vulnerability stems from improper validation during the processing of recovery…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included a significant security vulnerability affecting Adobe ColdFusion in its Known Exploited Vulnerabilities (KEV) catalog. This action follows evidence indicating active exploitation of the flaw. Cataloged as CVE-2023-26359, with a CVSS score of 9.8, this vulnerability pertains to a deserialization…
Recent cybersecurity reports indicate that thousands of Openfire XMPP servers remain vulnerable to a serious security flaw disclosed earlier this year. A report from VulnCheck highlights that these servers are unpatched and therefore at risk of being exploited by threat actors. The vulnerability, identified as CVE-2023-32315 and rated with a…
In 2023, the rise of cyber attacks targeting e-commerce platforms has accelerated, largely driven by the shift toward omnichannel retail and the proliferation of API interfaces. As threat actors continuously seek to exploit these vulnerabilities, it underscores the critical necessity for regular security testing and real-time monitoring to swiftly identify…
Unpatched Citrix NetScaler Systems Targeted in Suspected Ransomware Attack Recent developments in cybersecurity have revealed that unpatched Citrix NetScaler systems facing the internet are being exploited by unidentified threat actors, likely in the context of a ransomware operation. Cybersecurity firm Sophos has identified this activity cluster as STAC4663, which is…
