enterprise
PoC for Arcserve UDP authentication bypass flaw published (CVE-2023-26258)
An authentication bypass vulnerability (CVE-2023-26258) in the Arcserve Unified Data Protection (UDP) enterprise data protection solution can be exploited to compromise admin …
Microsoft Teams vulnerability allows attackers to deliver malware to employees
Security researchers have uncovered a bug that could allow attackers to deliver malware directly into employees’ Microsoft Teams inbox. “Organisations that use …
VMware Aria Operations for Networks vulnerability exploited in the wild (CVE-2023-20887)
CVE-2023-20887, a pre-authentication command injection vulnerability in VMware Aria Operations for Networks (formerly vRealize Network Insight), has been spotted being …
VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887)
VMware has fixed two critical (CVE-2023-20887, CVE-2023-20888) and one important vulnerability (CVE-2023-20889) in Aria Operations for Networks (formerly vRealize Network …
Switzerland under cyberattack
Swiss government websites are under DDoS attacks, but several ransomware gangs have also turned their sights on Swiss government organizations, cantonal governments, cities …
The multiplying impact of BEC attacks
The 2023 Verizon Data Breach Investigations Report (DBIR) has confirmed what FBI’s Internet Crime Complaint Center has pointed out earlier this year: BEC scammers are …
MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims
The fallout of the MOVEit Transfer hack via CVE-2023-34362 by the Cl0p gang is expanding, as several UK-based companies have now confirmed that some of their data has been …
MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362)
The zero-day vulnerability attackers have exploited to compromise vulnerable Progress Software’s MOVEit Transfer installations finally has an identification number: …
MOVEit Transfer zero-day attacks: The latest info
There’s new information about the zero-day vulnerability in Progress Software’s MOVEit Transfer solution exploited by attackers and – more importantly – …
Critical zero-day vulnerability in MOVEit Transfer exploited by attackers!
UPDATE (June 2, 2023, 05:55 a.m. ET): Check out our update on this evolving situation. A critical zero-day vulnerability in Progress Software’s enterprise managed file …
Threat actors can exfiltrate data from Google Drive without leaving a trace
Google Workspace (formerly G Suite) has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga …
Vulnerability in Zyxel firewalls may soon be widely exploited (CVE-2023-28771)
A recently fixed command injection vulnerability (CVE-2023-28771) affecting a variety Zyxel firewalls may soon be exploited in the wild, Rapid7 researchers have warned, after …
Featured news
Resources
Don't miss
- Unpatched Windows vulnerability continues to be exploited by APTs (CVE-2025-9491)
- CISA and partners take action as Microsoft Exchange security risks mount
- Shadow AI: New ideas emerge to tackle an old problem in new form
- AI chatbots are sliding toward a privacy crisis
- You can’t audit how AI thinks, but you can audit what it does