Please turn on your JavaScript for this page to function normally.
Atlassian Confluence
Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527)

Atlassian has patched a critical vulnerability (CVE-2023-22527) in Confluence Data Center and Confluence Server that could lead to remote code execution. The good news is that …

Juniper Networks
Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591)

Juniper Networks has fixed a critical pre-authentication remote code execution (RCE) vulnerability (CVE-2024-21591) in Junos OS on SRX firewalls and EX switches. About …

ransomware
Akira ransomware attackers are wiping NAS and tape backups

“The Akira ransomware malware, which was first detected in Finland in June 2023, has been particularly active at the end of the year,” the Finnish National …

GitLab
Critical GitLab flaw allows account takeover without user interaction, patch quickly! (CVE-2023-7028)

A critical vulnerability in GitLab CE/EE (CVE-2023-7028) can be easily exploited by attackers to reset GitLab user account passwords. While also vulnerable, users who have …

Cisco
Critical Cisco Unity Connection flaw gives attackers root privileges. Patch now! (CVE-2024-20272)

Cisco has fixed a critical vulnerability (CVE-2024-20272) in Cisco Unity Connection that could allow an unauthenticated attacker to upload arbitrary files and gain root …

Bosch Rexroth NXA015S
Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production

Researchers have discovered over two dozen vulnerabilities in “smart” cordless nutrunners (i.e., pneumatic torque wrenches) manufactured by Bosch Rexroth that …

Cacti
SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448)

A blind SQL injection vulnerability (CVE-2023-51448) in Cacti, a widely-used network monitoring, performance and fault management framework, could lead to information …

server room
8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers

The 8220 gang has been leveraging an old Oracle WebLogic Server vulnerability (CVE-2020-14883) to distribute malware, the Imperva Threat Research team has found. About 8220 …

xfinity
Citrix Bleed leveraged to steal data of 35+ million Comcast Xfinity customers

Telecommunications company Comcast has confirmed a breach that exposed personal information of more than 35.8 million of Xfinity customers. Exploiting Citrix Bleed to breach …

SSH
SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795)

Security researchers have discovered a vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol that could allow an attacker to downgrade the …

cyber threat
Russian hackers target unpatched JetBrains TeamCity servers

Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish …

Apache Struts
Attackers are trying to exploit Apache Struts vulnerability (CVE-2023-50164)

Attackers are trying to leverage public proof-of-exploit (PoC) exploit code for CVE-2023-50164, the recently patched path traversal vulnerability in Apache Struts 2. …

Don't miss

Cybersecurity news