Please turn on your JavaScript for this page to function normally.
alert
Attackers are attempting to exploit critical F5 BIG-IP RCE

Researchers have developed PoC exploits for CVE-2022-1388, a critical remote code execution bug affecting F5 BIG-IP multi-purpose networking devices/modules. Simultaneously, …

VMware
Attackers are exploiting VMware RCE to deliver malware (CVE-2022-22954)

Cyber crooks have begun exploiting CVE-2022-22954, a RCE vulnerability in VMware Workspace ONE Access and Identity Manager, to deliver cryptominers onto vulnerable systems. …

Spring
CISA adds Spring4Shell to list of exploited vulnerabilities

It’s been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring …

Log4j
Log4Shell exploitation: Which applications may be targeted next?

Spring4Shell (CVE-2022-22965) has dominated the information security news these last six days, but Log4Shell (CVE-2021-44228) continues to demand attention and action from …

bomb
Vulnerabilities and cyberattacks that marked the year 2021

Rapid7 announced the release of a report examining the 50 most notable security vulnerabilities and high-impact cyberattacks in 2021. On any given day, security professionals …

Spring
Spring4Shell: New info and fixes (CVE-2022-22965)

In this video for Help Net Security, Ax Sharma, Senior Security Researcher at Sonatype, talks about the latest developments regarding Spring4Shell, the unauthenticated RCE …

Spring
Spring4Shell: No need to panic, but mitigations are advised

Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively …

attacks
Attackers are exploiting recently patched RCE in Sophos Firewall (CVE-2022-1040)

A critical vulnerability (CVE-2022-1040) in Sophos Firewall is being exploited in the wild to target “a small set of specific organizations primarily in the South Asia …

malware
New cyberespionage campaign targeting ISPs, research entities

ESET Research discovered a still-ongoing cyberespionage campaign using a previously undocumented Korplug variant by the Mustang Panda APT group. The current campaign exploits …

zero
The not so scary truth about zero-day exploits

We don’t know what we don’t know; this is the quintessential problem plaguing security teams and the primary reason that zero-day exploits can cause such damage. …

Linux
Easily exploitable Linux bug gives root access to attackers (CVE-2022-0847)

An easily exploitable vulnerability (CVE-2022-0847) in the Linux kernel can be used by local unprivileged users to gain root privileges on vulnerable systems by taking …

shark
Top threat activities this year

ZeroFox published a threat intelligence forecast for 2022, detailing expected cybercriminal behavior trends including ransomware, malware-as-a-service, vulnerabilities and …

Don't miss

Cybersecurity news