Please turn on your JavaScript for this page to function normally.
Jenkins
Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897)

Several proof-of-concept (PoC) exploits for a recently patched critical vulnerability (CVE-2024-23897) in Jenkins have been made public and there’s evidence of …

Apple
Apple fixes actively exploited WebKit zero-day (CVE-2024-23222)

Apple has fixed an actively exploited zero-day vulnerability (CVE-2024-23222) that affects Macs, iPhones, iPads and AppleTVs. About CVE-2024-23222 CVE-2024-23222 is a type …

vmware
VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063)

A critical vulnerability (CVE-2023-34063) affecting VMware Aria Automation and VMware Cloud Foundation can be exploited by attackers to gain access to remote organizations and …

Google Chrome
Google fixes actively exploited Chrome zero-day (CVE-2024-0519)

In the new stable release of the Chrome browser, Google has fixed three security vulnerabilities affecting the V8 engine, including one zero-day (CVE-2024-0519) with an …

Atlassian Confluence
Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527)

Atlassian has patched a critical vulnerability (CVE-2023-22527) in Confluence Data Center and Confluence Server that could lead to remote code execution. The good news is that …

Juniper Networks
Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591)

Juniper Networks has fixed a critical pre-authentication remote code execution (RCE) vulnerability (CVE-2024-21591) in Junos OS on SRX firewalls and EX switches. About …

GitLab
Critical GitLab flaw allows account takeover without user interaction, patch quickly! (CVE-2023-7028)

A critical vulnerability in GitLab CE/EE (CVE-2023-7028) can be easily exploited by attackers to reset GitLab user account passwords. While also vulnerable, users who have …

Cisco
Critical Cisco Unity Connection flaw gives attackers root privileges. Patch now! (CVE-2024-20272)

Cisco has fixed a critical vulnerability (CVE-2024-20272) in Cisco Unity Connection that could allow an unauthenticated attacker to upload arbitrary files and gain root …

patch Tuesday
Microsoft fixes critical flaws in Windows Kerberos, Hyper-V (CVE-2024-20674, CVE-2024-20700)

For January 2024 Patch Tuesday, Microsoft has released fixes for 49 CVE-numbered vulnerabilities, two of which are critical: CVE-2024-20674 and CVE-2024-20700. None of the …

Cacti
SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448)

A blind SQL injection vulnerability (CVE-2023-51448) in Cacti, a widely-used network monitoring, performance and fault management framework, could lead to information …

patch tuesday
December 2023 Patch Tuesday: 33 fixes to wind the year down

Microsoft’s December 2023 Patch Tuesday is a light one: 33 patches, only four of which are deemed critical. “This month, Microsoft did not patch any zero-day …

Apache Struts
New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164)

The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools