security update
Juniper Networks fixes flaws leading to RCE in firewalls and switches
Juniper Networks has fixed four vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) in Junos OS that, if chained together, could allow attackers …
WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477)
RARLAB has fixed a high-severity RCE vulnerability (CVE-2023-40477) in the popular file archiver tool WinRAR. About CVE-2023-40477 A widely used Windows-only utility, WinRAR …
Citrix ShareFile vulnerability actively exploited (CVE-2023-24489)
CVE-2023-24489, a critical Citrix ShareFile vulnerability that the company has fixed in June 2023, is being exploited by attackers. GreyNoise has flagged on Tuesday a sudden …
Ivanti Avalanche vulnerable to attack by unauthenticated, remote attackers (CVE-2023-32560)
Two stack-based buffer overflow bugs (collectively designated as CVE-2023-32560) have been discovered in Ivanti Avalanche, an enterprise mobility management solution. A buffer …
Major vulnerabilities discovered in data center solutions
Researchers have discovered serious security vulnerabilities in two widely used data center solutions: CyberPower’s PowerPanel Enterprise Data Center Infrastructure …
Google unveils stronger cellular security for Android 14
Google has revealed new cellular security mitigations that will be available for users and enterprises on its soon-to-be-released Android 14, and announced a new release …
Downfall attacks can gather passwords, encryption keys from Intel processors
A variety of Intel Core processors and the devices using them are vulnerable to “Downfall”, a new class of attacks made possible by CVE-2022-40982, which enables …
August 2023 Patch Tuesday: Microsoft fixes critical bugs in Teams, MSMQ
August 2023 Patch Tuesday is here; among the 76 CVE-numbered issues fixed by Microsoft this time around is a DoS vulnerability in .NET and Visual Studio (CVE-2023-38180) for …
PaperCut fixes bug that can lead to RCE, patch quickly! (CVE-2023-39143)
Horizon3.ai researchers have published some details (but no PoC for now, thankfully!) about CVE-2023-39143, two vulnerabilities in PaperCut application servers that could be …
Ivanti discloses another vulnerability in MobileIron Core (CVE-2023-35082)
Ivanti has disclosed a critical vulnerability (CVE-2023-35082) affecting old, out-of-support versions of MobileIron Core, an enterprise device solution that has since been …
Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081)
Another actively exploited zero-day vulnerability (CVE-2023-35081) affecting Ivanti Endpoint Manager Mobile (EPMM) has been identified and fixed. The first zero-day spotted …
Ivanti zero-day exploited to target Norwegian government (CVE-2023-35078)
A zero-day vulnerability (CVE-2023-35078) affecting Ivanti Endpoint Manager Mobile (EPMM) has been exploited to carry out an attack that affected 12 Norwegian ministries, the …
Featured news
Resources
Don't miss
- Critical Control Web Panel vulnerability is actively exploited (CVE-2025-48703)
- 18 arrested in €300 million global credit card fraud scheme
- PortGPT: How researchers taught an AI to backport security patches automatically
- AI can flag the risk, but only humans can close the loop
- VulnRisk: Open-source vulnerability risk assessment platform