Mandiant
Citrix Bleed: Mass exploitation in progress (CVE-2023-4966)
CVE-2023-4966, aka “Citrix Bleed”, a critical information disclosure vulnerability affecting Citrix NetScaler ADC/Gateway devices, is being massively exploited by …
VMware patches critical vulnerability in vCenter Server (CVE-2023-34048)
VMware has fixed a critical out-of-bounds write vulnerability (CVE-2023-34048) and a moderate-severity information disclosure flaw (CVE-2023-34056) in vCenter Server, its …
Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966)
A recently patched Citrix NetScaler ADC/Gateway information disclosure vulnerability (CVE-2023-4966) has been exploited by attackers in the wild since late August 2023, …
(Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise
Administrators of Citrix NetScaler ADC and Gateway appliances should check for evidence of installed webshells even if they implemented fixes for CVE-2023-3519 quickly: A …
North Korean hackers targeted tech companies through JumpCloud and GitHub
North Korean state-sponsored hackers have been linked to two recent cyberattack campaigns: one involving a spear-phishing attack on JumpCloud and the other targeting tech …
Empowering Google security and networking solutions with AI
In this Help Net Security interview, Sunil Potti, GM and VP of Cloud Security at Google Cloud, talks about how new security and networking solutions powered by AI help improve …
MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362)
The zero-day vulnerability attackers have exploited to compromise vulnerable Progress Software’s MOVEit Transfer installations finally has an identification number: …
Attackers hacked Barracuda ESG appliances via zero-day since October 2022
Barracuda says that the recently discovered compromise of some of it clients’ ESG appliances via a zero-day vulnerability (CVE-2023-2868) resulted in the deployment of …
Photos: RSA Conference 2023, part 2
RSA Conference 2023 is taking place at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. Part 1 of the photos is …
Organizations are stepping up their game against cyber threats
Global median dwell time drops to just over two weeks, reflecting the essential role partnerships and the exchange of information play in building a more resilient …
3CX breach linked to previous supply chain compromise
Pieces of the 3CX supply chain compromise puzzle are starting to fall into place, though we’re still far away from seeing the complete picture. In the meantime, we now …
3CX compromise: More details about the breach, new PWA app released
3CX has released an interim report about Mandiant’s findings related to the compromise the company suffered last month, which resulted in a supply chain attack targeting …
Featured news
Resources
Don't miss
- Okta users under attack: Modern phishing kits are turbocharging vishing attacks
- One-time SMS links that never expire can expose personal data for years
- More employees get AI tools, fewer rely on them at work
- Energy sector orgs targeted with AiTM phishing campaign
- Exposed training apps are showing up in active cloud attacks