Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Ivanti
1,700 Ivanti VPN devices compromised. Are yours among them?

Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional …

Ivanti
Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887)

Two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers …

Apple
Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917)

With the latest round of security updates, Apple has fixed two zero-day WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) that “may have been exploited against …

SysAid
MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246)

A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software solution is being exploited by Lace Tempest, a ransomware affiliate known …

roundcube
Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631)

The Winter Vivern APT group has been exploiting a zero-day vulnerability (CVE-2023-5631) in Roundcube webmail servers to spy on email communications of European governmental …

Cisco
“Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day

Cisco has released the first fixes for the IOS XE zero-day (CVE-2023-20198) exploited by attackers to ultimately deliver a malicious implant. The fixes were made available on …

Citrix
Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966)

A recently patched Citrix NetScaler ADC/Gateway information disclosure vulnerability (CVE-2023-4966) has been exploited by attackers in the wild since late August 2023, …

Cisco
Cisco IOS XE zero-day exploited by attackers to deliver implant (CVE-2023-20198)

A previously unknown vulnerability (CVE-2023-20198) affecting networking devices running Cisco IOS XE software is being exploited by a threat actor to take control of the …

patch Tuesday
October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty

UPDATE: October 10, 12:10 PM PT – October 2023 Patch Tuesday is now live: Microsoft fixes exploited WordPad, Skype for Business zero-days September has been a packed …

Apple
Apple patches another iOS zero-day under attack (CVE-2023-42824)

Apple has released a security update for iOS and iPadOS to fix another zero-day vulnerability (CVE-2023-42824) exploited in the wild. About CVE-2023-42824 CVE-2023-42824 is a …

Atlassian
Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515)

Atlassian has fixed a critical zero-day vulnerability (CVE-2023-22515) in Confluence Data Center and Server that is being exploited in the wild. “Atlassian has been made …

Qualcomm
Qualcomm patches 3 actively exploited zero-days

Qualcomm has fixed three actively exploited vulnerabilities (CVE-2023-33106, CVE-2023-33107, CVE-2023-33063) in its Adreno GPU and Compute DSP drivers. Vulnerabilities …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools