CVE-2023-27997: Heap-Based Buffer Overflow in Fortinet FortiOS and FortiProxy SSL-VPN (XORtigate)
Fortinet says a critical flaw in its SSL-VPN product may have been exploited in the wild in a limited number of cases. Organizations are strongly encouraged to apply these patches immediately....
CVE-2023-34362: MOVEIt Transfer Critical Zero-Day Vulnerability Exploited in the Wild
Discovery of a new zero-day vulnerability in MOVEit Transfer becomes the second zero-day disclosed in a managed file transfer solution in 2023, with reports suggesting that threat actors have stolen data from a number of organizations....
Volt Typhoon: International Cybersecurity Authorities Detail Activity Linked to Chinese-State Sponsored Threat Actor
Several international cybersecurity authorities from the United States, United Kingdom, Australia, Canada and New Zealand issue a joint advisory detailing tactics, techniques and procedures used in recent attacks by a Chinese state-sponsored threat actor....
U.S. and Australian Agencies Publish Joint Cybersecurity Advisory on BianLian Ransomware Group
The FBI, ACSC and CISA have released a joint cybersecurity advisory discussing the BianLian ransomware group....
Microsoft’s May 2023 Patch Tuesday Addresses 38 CVEs (CVE-2023-29336)
Microsoft addresses 38 CVEs including three zero-day vulnerabilities, two of which were exploited in the wild....
CVE-2023-20864: VMware Aria Operations for Logs Deserialization Vulnerability
VMware issues advisory to address two flaws in its VMware Aria Operations for Logs solution, including a critical deserialization flaw assigned a CVSSv3 score of 9.8....
Oracle April 2023 Critical Patch Update Addresses 231 CVEs
Oracle addresses 231 CVEs in its second quarterly update of 2023 with 433 patches, including 74 critical updates....
Microsoft’s April 2023 Patch Tuesday Addresses 97 CVEs (CVE-2023-28252)
Microsoft addresses 97 CVEs, including one that was exploited in the wild as a zero day....
3CX Desktop App for Windows and macOS Reportedly Compromised in Supply Chain Attack
A softphone desktop application from 3CX, makers of a popular VoIP PBX solution used by over 600,000 organizations, has reportedly been trojanized as part of a supply chain attack...
OpenAI’s ChatGPT and GPT-4 Used as Lure in Phishing Email, Twitter Scams to Promote Fake OpenAI Tokens
Hoping to cash in on the massive interest around OpenAI’s GPT-4 – ChatGPT’s new multimodal model – scammers have launched phishing campaigns via email and Twitter designed to steal cryptocurrency. Check out how they’re carrying out the scams and how you can avoid becoming a victim....
Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)
Microsoft addresses 76 CVEs including two zero-days exploited in the wild, one of which was publicly disclosed....
FBI and CISA Release Cybersecurity Advisory on Royal Ransomware Group
The FBI and CISA have released a joint Cybersecurity Advisory discussing the Royal ransomware group....