CISA Alerts on New Vulnerabilities Affecting JetBrains and Microsoft Windows On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) catalog by adding two critical security flaws that are currently under active exploitation. The new entries underscore a growing concern among cybersecurity professionals regarding…
Recently, the maintainers of the Curl library issued a warning regarding two significant security vulnerabilities, which are slated for resolution in an upcoming update scheduled for October 11, 2023. This advisory pertains to vulnerabilities designated as CVE-2023-38545, classified as high-severity, and CVE-2023-38546, noted as low-severity. Details regarding the specific version…
Recent findings have unveiled multiple critical security vulnerabilities in ConnectedIO’s ER2000 edge routers and associated cloud management platform that can be exploited by cybercriminals to run malicious code and gain access to sensitive information. This revelation poses a serious risk to numerous organizations that rely on these technologies. The vulnerabilities…
Recent disclosures have revealed a significant security vulnerability affecting the libcue library, which supports GNOME Linux systems. This flaw, tracked as CVE-2023-43641, has been assigned a high CVSS score of 8.8, indicating its potential severity. The vulnerability stems from memory corruption associated with the libcue library, specifically affecting versions 2.2.1…
In a concerning escalation of cybersecurity threats, Amazon Web Services (AWS), Cloudflare, and Google reported significant progress in defending against unprecedented distributed denial-of-service (DDoS) attacks that utilize a new exploit known as HTTP/2 Rapid Reset. This emerging vulnerability has raised alarms due to its ability to launch large-scale attacks efficiently.…
Microsoft has recently identified a link between the exploitation of a critical vulnerability in Atlassian Confluence Data Center and Server, marked as CVE-2023-22515, and a state-sponsored group known as Storm-0062 (also referred to as DarkShadow or Oro0lxy). This critical flaw is a privilege escalation vulnerability that has been actively exploited…
In its October 2023 Patch Tuesday update, Microsoft has addressed a total of 103 vulnerabilities across its software platforms, including two critical zero-day vulnerabilities actively exploited in the wild. This update highlights the ongoing importance of patch management in maintaining cybersecurity defenses. Among the identified vulnerabilities, 13 are categorized as…
Image Source: JFrog Security Research Recent patches have been issued to address two significant vulnerabilities in the Curl data transfer library. These flaws pose a considerable risk, especially one that could potentially lead to remote code execution, drawing the attention of cybersecurity professionals and business owners alike. The vulnerabilities include…
Encrypted messaging platform Signal has responded to widespread claims concerning a potential zero-day vulnerability, asserting that no evidence corroborates the reports. Following thorough internal investigation, the company stated it has found no indications that such a flaw exists. Signal emphasized that additional information has not been communicated through official channels,…
