Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Bosch Rexroth NXA015S
Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production

Researchers have discovered over two dozen vulnerabilities in “smart” cordless nutrunners (i.e., pneumatic torque wrenches) manufactured by Bosch Rexroth that …

Cacti
SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448)

A blind SQL injection vulnerability (CVE-2023-51448) in Cacti, a widely-used network monitoring, performance and fault management framework, could lead to information …

server room
8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers

The 8220 gang has been leveraging an old Oracle WebLogic Server vulnerability (CVE-2020-14883) to distribute malware, the Imperva Threat Research team has found. About 8220 …

xfinity
Citrix Bleed leveraged to steal data of 35+ million Comcast Xfinity customers

Telecommunications company Comcast has confirmed a breach that exposed personal information of more than 35.8 million of Xfinity customers. Exploiting Citrix Bleed to breach …

SSH
SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795)

Security researchers have discovered a vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol that could allow an attacker to downgrade the …

cyber threat
Russian hackers target unpatched JetBrains TeamCity servers

Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish …

Apache Struts
Attackers are trying to exploit Apache Struts vulnerability (CVE-2023-50164)

Attackers are trying to leverage public proof-of-exploit (PoC) exploit code for CVE-2023-50164, the recently patched path traversal vulnerability in Apache Struts 2. …

Log4j
Lazarus exploit Log4Shell vulnerability to deliver novel RAT malware

North Korea-backed group Lazarus has been spotted exploiting the Log4Shell vulnerability (CVE-2021-44228) and novel malware written in DLang (i.e., the memory-safe D …

Apache Struts
New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164)

The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code …

Atlassian
Atlassian fixes four critical RCE vulnerabilities, patch quickly!

Atlassian has released security updates for four critical vulnerabilities (CVE-2023-1471, CVE-2023-22522, CVE-2023-22524, CVE-2023-22523) in its various offerings that could …

Adobe ColdFusion
CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360)

Unknown attackers have leveraged a critical vulnerability (CVE-2023-26360) in the Adobe ColdFusion application development platform to access government servers, the …

router
21 high-risk vulnerabilities in OT/IoT routers found

Forescout detailed the discovery of 21 new vulnerabilities in OT/IoT routers and open-source software elements. The “SIERRA:21 – Living on the Edge” report features research …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools