Researchers release PoC for Fortinet firewall flaw, exploitation attempts mount
Horizon3.ai researchers have released a PoC exploit for CVE-2022-40684, the authentication bypass vulnerability affecting Fortinet‘s firewalls and secure web gateways, …
Attackers are attempting to exploit critical F5 BIG-IP RCE
Researchers have developed PoC exploits for CVE-2022-1388, a critical remote code execution bug affecting F5 BIG-IP multi-purpose networking devices/modules. Simultaneously, …
Attackers are exploiting VMware RCE to deliver malware (CVE-2022-22954)
Cyber crooks have begun exploiting CVE-2022-22954, a RCE vulnerability in VMware Workspace ONE Access and Identity Manager, to deliver cryptominers onto vulnerable systems. …
CISA adds Spring4Shell to list of exploited vulnerabilities
It’s been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring …
Spring4Shell: No need to panic, but mitigations are advised
Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively …
Easily exploitable Linux bug gives root access to attackers (CVE-2022-0847)
An easily exploitable vulnerability (CVE-2022-0847) in the Linux kernel can be used by local unprivileged users to gain root privileges on vulnerable systems by taking …
Cisco plugs critical holes in small business routers
Cisco has patched 14 vulnerabilities affecting some of its Small Business RV Series routers, the worst of which may allow attackers to achieve unauthenticated remote code …
After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)
A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its …
Apple fixes security feature bypass in macOS (CVE-2021-30892)
Apple has delivered a barrage of security updates for most of its devices this week, and among the vulnerabilities fixed are CVE-2021-30892, a System Integrity Protection …
Nagios XI vulnerabilities open enterprise IT infrastructure to attack
Researchers have unearthed 11 vulnerabilities affecting Nagios XI, a widely used enterprise IT infrastructure/network monitoring solution, some of which can be chained to …
Patched: Critical bug with public PoC exploit in Cisco infrastructure virtualization software (CVE-2021-34746)
A critical vulnerability (CVE-2021-34746) that affects Cisco Enterprise NFV Infrastructure Software (NFVIS) has been patched and Cisco is urging enterprise admins to quickly …
Microsoft confirms another Windows Print Spooler bug, offers workaround (CVE-2021-36958)
A day after the August 2021 Patch Tuesday, Microsoft has released an out-of-band security advisory acknowledging the existence of yet another Print Spooler vulnerability …