Apache Struts
Attackers are trying to exploit Apache Struts vulnerability (CVE-2023-50164)

Attackers are trying to leverage public proof-of-concept (PoC) exploit code for CVE-2023-50164, the recently patched path traversal vulnerability in Apache Struts 2. …

Apache Struts
New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164)

The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code …

Log4j
The Log4j JNDI attack and how to prevent it

The disclosure of the critical Log4Shell (CVE-2021-44228) vulnerability and the release of first one and then additional PoC exploits has been an unwelcome surprise for the …

Log4j
Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation

Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular …

Log4j
Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228)

A critical zero-day vulnerability in Apache Log4j (CVE-2021-44228), a widely used Java logging library, is being leveraged by attackers in the wild – for now, …

Apache Struts
Potential Apache Struts 2 RCE flaw fixed, PoCs released

Have you already updated your Apache Struts 2 to version 2.5.22, released in November 2019? You might want to, and quickly, as information about a potential RCE vulnerability …

WordPress
WordPress and Apache Struts weaponized vulnerabilities on the rise

Vulnerabilities in leading web and application frameworks, if exploited, can have devastating effects like the Equifax breach which affected 147 million people, according to …

vectors
As malware and network attacks increase in 2019, zero day malware accounts for 50% of detections

Amid significant increases in both malware and network attacks, multiple Apache Struts vulnerabilities – including one used in the devastating Equifax data breach – appeared …

Equifax
Equifax: A study in accountability but not authority responsibility

Like most of the security community, I have spent hours digesting the recently released U.S. House of Representatives Committee on Oversight and Government Reform report on …

Apache Struts
Apache Struts 2.3.x vulnerable to two year old RCE flaw

The Apache Software Foundation is urging users that run Apache Struts 2.3.x to update the Commons FileUpload library to close a serious vulnerability that could be exploited …

Cisco
Cisco fixes a host of security holes, including latest Apache Struts flaw

Cisco has plugged a heap of security holes – three of which are critical – in a variety of its products. The flaws deemed critical are: A DoS …

Apache Struts
PoC exploit for critical Apache Struts flaw found online

The Apache Software Foundation revealed last week the existence of a critical Apache Struts flaw (CVE-2018-11776) similar to the one exploited in the Equifax breach and urged …
