AA23-215A: 2022's Top Routinely Exploited Vulnerabilities
A joint Cybersecurity Advisory collaborated on by multiple international agencies highlights the top routinely exploited vulnerabilities of 2022....
CVE-2023-35078: Ivanti Endpoint Manager Mobile (EPMM) / MobileIron Core Unauthenticated API Access Vulnerability
Critical vulnerability in a popular mobile device management solution from Ivanti has been exploited in the wild in limited attacks...
FAQ for MOVEit Transfer Vulnerabilities and CL0P Ransomware Gang
Frequently asked questions relating to vulnerabilities in MOVEit Transfer, including one that was exploited by the prolific CL0P ransomware gang....
CVE-2023-20887: VMware Aria Operations for Networks Command Injection
VMware issues advisory to address three flaws in its VMware Aria Operations for Networks solution, including a critical command injection flaw assigned a CVSSv3 score of 9.8....
Microsoft’s June 2023 Patch Tuesday Addresses 70 CVEs (CVE-2023-29357)
Microsoft addresses 70 CVEs in its June 2023 Patch Tuesday update including six rated as critical....
Volt Typhoon: International Cybersecurity Authorities Detail Activity Linked to Chinese-State Sponsored Threat Actor
Several international cybersecurity authorities from the United States, United Kingdom, Australia, Canada and New Zealand issue a joint advisory detailing tactics, techniques and procedures used in recent attacks by a Chinese state-sponsored threat actor....
Microsoft’s May 2023 Patch Tuesday Addresses 38 CVEs (CVE-2023-29336)
Microsoft addresses 38 CVEs including three zero-day vulnerabilities, two of which were exploited in the wild....
CVE-2023-20864: VMware Aria Operations for Logs Deserialization Vulnerability
VMware issues advisory to address two flaws in its VMware Aria Operations for Logs solution, including a critical deserialization flaw assigned a CVSSv3 score of 9.8....
Microsoft’s April 2023 Patch Tuesday Addresses 97 CVEs (CVE-2023-28252)
Microsoft addresses 97 CVEs, including one that was exploited in the wild as a zero day....
Microsoft’s February 2023 Patch Tuesday Addresses 75 CVEs (CVE-2023-23376)
Microsoft addresses 75 CVEs including three zero-day vulnerabilities that were exploited in the wild....
ProxyNotShell, OWASSRF, TabShell: Patch Your Microsoft Exchange Servers Now
Several flaws in Microsoft Exchange Server disclosed over the last two years continue to be valuable exploits for attackers as part of ransomware and targeted attacks against organizations that have yet to patch their systems. Patching the flaws outlined below is strongly recommended....
Sandworm APT Deploys New SwiftSlicer Wiper Using Active Directory Group Policy
Sandworm, the Russian-backed APT responsible for NotPetya in 2017, has recently attacked an Ukrainian organization using a new wiper, SwiftSlicer....