Please turn on your JavaScript for this page to function normally.
ownCloud
Critical ownCloud flaw under attack (CVE-2023-49103)

Attackers are trying to exploit a critical information disclosure vulnerability (CVE-2023-49103) in ownCloud, a popular file sharing and collaboration platform used in …

Phishing
New twist on ZeroFont phishing technique spotted in the wild

Cybercriminals are leveraging the ZeroFont technique to trick users into trusting phishing emails, SANS ISC handler Jan Kopriva has warned. The ZeroFont phishing attack …

Apache NiFi
Someone is roping Apache NiFi servers into a cryptomining botnet

If you’re running an Apache NiFi instance exposed on the internet and you have not secured access to it, the underlying host may already be covertly cryptomining on …

Google ads
Google ads increasingly pointing to malware

The FBI has recently warned the public about search engine ads pushing malware diguised as legitimate software – an old tactic that has lately resulted in too many …

alert
Attackers are attempting to exploit critical F5 BIG-IP RCE

Researchers have developed PoC exploits for CVE-2022-1388, a critical remote code execution bug affecting F5 BIG-IP multi-purpose networking devices/modules. Simultaneously, …

Windows
Critical Microsoft RPC runtime bug: No PoC exploit yet, but patch ASAP! (CVE-2022-26809)

Three days have passed since Microsoft’s latest Patch Tuesday, and CVE-2022-26809 has emerged as the vulnerability with the most exploitation potential. It’s easy …

Spring
Spring4Shell: No need to panic, but mitigations are advised

Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively …

Log4j
Log4Shell: A new fix, details of active attacks, and risk mitigation recommendations

Due to the extraordinary widespread use of the open-source Apache Log4j library, the saga of the Log4Shell (CVE-2021-44228) vulnerability is nowhere near finished. As Dr. …

Log4j
Log4Shell update: Attack surface, attacks in the wild, mitigation and remediation

Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular …

LinkedIn
Phishers tricking users via fake LinkedIn Private Shared Document

Phishers are trying to trick users into opening a “LinkedIn Private Shared Document” and entering their login credentials into a fake LinkedIn login page, security …

Oracle
Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)

A critical and easily exploitable remote code execution vulnerability (CVE-2020-14882) in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned. Oracle …

Citrix
Attackers are probing Citrix controllers and gateways through recently patched flaws

Earlier this week, Citrix released security updates for Citrix Application Delivery Controller (ADC), Citrix Gateway, and the Citrix SD-WAN WANOP appliance, and urged admins …

Don't miss

Cybersecurity news