Please turn on your JavaScript for this page to function normally.
WinRAR
Attackers exploited WinRAR zero-day for months to steal money from brokers (CVE-2023-38831)

Financially-motivated attackers have exploited a zero-day vulnerability in WinRAR (CVE-2023-38831) to trick traders into installing malware that would allow them to steal …

Ivanti
Ivanti Sentry zero-day vulnerability exploited, patch ASAP! (CVE-2023-38035)

Ivanti is urging administrators of Ivanti Sentry (formerly MobileIron Sentry) gateways to patch a newly discovered vulnerability (CVE-2023-38035) that could be exploited to …

Citrix ShareFile
Citrix ShareFile vulnerability actively exploited (CVE-2023-24489)

CVE-2023-24489, a critical Citrix ShareFile vulnerability that the company has fixed in June 2023, is being exploited by attackers. GreyNoise has flagged on Tuesday a sudden …

Netscaler
(Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise

Administrators of Citrix NetScaler ADC and Gateway appliances should check for evidence of installed webshells even if they implemented fixes for CVE-2023-3519 quickly: A …

VPN
Almost all VPNs are vulnerable to traffic-leaking TunnelCrack attacks

Several vulnerabilities that affect most VPN products out there can be exploited by attackers to read user traffic, steal user information, or even attack user devices, …

Macs are getting compromised to act as proxy exit nodes

AdLoad, well-known malware that has been targeting systems running macOS for over half a decade, has been observed delivering a new payload that – unbeknown to the …

intel
Downfall attacks can gather passwords, encryption keys from Intel processors

A variety of Intel Core processors and the devices using them are vulnerable to “Downfall”, a new class of attacks made possible by CVE-2022-40982, which enables …

patch tuesday
August 2023 Patch Tuesday: Microsoft fixes critical bugs in Teams, MSMQ

August 2023 Patch Tuesday is here; among the 76 CVE-numbered issues fixed by Microsoft this time around is a DoS vulnerability in .NET and Visual Studio (CVE-2023-38180) for …

PaperCut
PaperCut fixes bug that can lead to RCE, patch quickly! (CVE-2023-39143)

Horizon3.ai researchers have published some details (but no PoC for now, thankfully!) about CVE-2023-39143, two vulnerabilities in PaperCut application servers that could be …

Microsoft Teams
Russian APT phished government employees via Microsoft Teams

An APT group linked to Russia’s Foreign Intelligence Service has hit employees of several dozen global organizations with phishing attacks via Microsoft Teams, says …

AWS
Attackers can turn AWS SSM agents into remote access trojans

Mitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud (EC2) instances (virtual …

Isabela Fernandes
Delivering privacy in a world of pervasive digital surveillance: Tor Project’s Executive Director speaks out

The overarching mission of the US-based non-profit organization the Tor Project is to advance human rights and make open-source, privacy preserving software available to …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released whent there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools