MrBeast Scams: Verified Accounts, DeepFakes Used in Impersonations to Promote Fake Giveaways on YouTube and TikTok
October 4, 2023MrBeast, the most popular YouTube creator as of October 2023, has been impersonated in a variety of scams on YouTube and TikTok, including a recent deepfake promoting a free iPhone giveaway
CVE-2023-22515: Zero-Day Vulnerability in Atlassian Confluence Data Center and Server Exploited in the Wild
October 4, 2023A critical zero-day vulnerability in Atlassian Confluence Data Center and Server has been exploited in the wild in a limited number of cases. Organizations should patch or apply the mitigation steps as soon as possible.
CVE-2023-40044, CVE-2023-42657: Progress Software Patches Multiple Vulnerabilities in WS_FTP Server
October 2, 2023Progress Software patches multiple flaws in its WS_FTP Server product, including a pair of critical flaws, one with a maximum CVSS rating of 10
CVE-2023-41064, CVE-2023-4863, CVE-2023-5129: Frequently Asked Questions for ImageIO and WebP/libwebp Zero-Day Vulnerabilities
September 27, 2023Frequently asked questions relating to vulnerabilities in Apple, Google and the open source libwebp library.
CVE-2023-29357, CVE-2023-24955: Exploit Chain Released for Microsoft SharePoint Server Vulnerabilities
September 27, 2023A proof-of-concept exploit chain has been released for two vulnerabilities in Microsoft SharePoint Server that can be exploited to achieve unauthenticated remote code execution.
Microsoft’s September 2023 Patch Tuesday Addresses 61 CVEs (CVE-2023-36761)
September 12, 2023Microsoft addresses 61 CVEs including two vulnerabilities that were exploited in the wild
CVE-2023-20269: Zero-Day Vulnerability in Cisco Adaptive Security Appliance and Firepower Threat Defense Reportedly Exploited by Ransomware Groups
September 11, 2023Ransomware groups including LockBit and Akira are reportedly exploiting a zero-day vulnerability in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) appliances with VPN functionality enabled.
AA23-250A: Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
September 7, 2023A joint Cybersecurity Advisory examines the exploitation of two critical vulnerabilities by nation-state threat actors.
CVE-2023-2868: Barracuda and FBI Recommend Replacing Email Security Gateway (ESG) Devices Immediately
August 30, 2023Since October 2022, attackers have been exploiting a zero-day vulnerability in Barracuda Email Security Gateway devices, and both the vendor and the FBI urge customers to replace these devices immediately.
CVE-2023-38035: Ivanti Sentry API Authentication Bypass Zero-Day Exploited in the Wild
August 22, 2023For the third time in a month, Ivanti discloses a zero-day vulnerability in one of its products that has been exploited in the wild
Microsoft’s August 2023 Patch Tuesday Addresses 73 CVEs (CVE-2023-38180)
August 8, 2023Microsoft addresses 73 CVEs, including one vulnerability exploited in the wild.
AA23-215A: 2022's Top Routinely Exploited Vulnerabilities
August 3, 2023A joint Cybersecurity Advisory collaborated on by multiple international agencies highlights the top routinely exploited vulnerabilities of 2022.