Progress Software has announced the identification and resolution of a critical SQL injection vulnerability within MOVEit Transfer, software widely utilized for secure file transfers. Alongside this, the company has addressed two additional high-severity vulnerabilities that also pose significant security risks. The SQL injection vulnerability, designated as CVE-2023-36934, could enable unauthenticated…
On Tuesday, Microsoft announced the release of significant software updates addressing a total of 132 security vulnerabilities, among which are six zero-day flaws that have been actively exploited by cybercriminals. This update reflects a substantial effort to fortify their software against ongoing threats, underlining the vulnerabilities present across multiple platforms.…
Zimbra has issued a warning regarding a critical zero-day vulnerability affecting its email software, which has reportedly been exploited in active attacks. This security flaw is present in the Zimbra Collaboration Suite Version 8.8.15 and poses significant threats to the confidentiality and integrity of user data. In an advisory, the…
Recent security analyses have uncovered critical vulnerabilities within several platforms, notably the Honeywell Experion Distributed Control System (DCS) and QuickBlox, both of which pose substantial risks if exploited. The identified flaws have raised alarms for stakeholders, given the potential for severe system compromises. The vulnerabilities, collectively known as Crit.IX, encompass…
Recent intelligence has identified that malicious actors are actively exploiting a severe security vulnerability in the WooCommerce Payments WordPress plugin. This flaw is part of a large-scale, targeted campaign that threatens numerous websites reliant on the plugin. The vulnerability, identified as CVE-2023-28121 with a CVSS score of 9.8, is classified…
Each month, Cybersixgill’s threat experts provide insights into the latest tactics, techniques, and procedures employed by cybercriminals. Their reports shed light on emerging threats from the underground, detailing the actors involved and offering guidance on risk mitigation strategies. Regular updates on vulnerabilities, ransomware, and malware trends from the deep and…
Cybersecurity experts have identified a new peer-to-peer (P2P) worm named P2PInfect, which specifically targets vulnerable Redis installations for subsequent exploitation. Unlike many previous threats, P2PInfect can compromise Redis servers operating on both Linux and Windows platforms, making it a particularly formidable threat, as noted by researchers from Palo Alto Networks’…
Apache OpenMeetings Faces Critical Security Vulnerabilities Recent security findings have exposed multiple vulnerabilities in Apache OpenMeetings, a widely used web conferencing solution. These weaknesses could be exploited by malicious actors to potentially take control of administrative accounts and execute harmful code on compromised servers. The implications of these vulnerabilities could…
Recent disclosures have unveiled two significant security vulnerabilities within AMI MegaRAC Baseboard Management Controller (BMC) software, potentially enabling threat actors to remotely seize control of vulnerable servers and introduce malware. The identified vulnerabilities range in severity from High to Critical and include risks such as unauthenticated remote code execution and…
