Please turn on your JavaScript for this page to function normally.
malware
Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)

Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made …

China
Chinese APT40 group swifly leverages public PoC exploits

Chinese state-sponsored cyber group APT40 is amazingly fast at adapting public proof-of-concept (PoC) exploits for vulnerabilities in widely used software, an advisory …

MITRE
MITRE breach details reveal attackers’ successes and failures

MITRE has shared a timeline of the recent breach if fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the …

Ivanti
1,700 Ivanti VPN devices compromised. Are yours among them?

Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional …

Ivanti
Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887)

Two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers …

SysAid
MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246)

A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software solution is being exploited by Lace Tempest, a ransomware affiliate known …

Netscaler
(Re)check your patched NetScaler ADC and Gateway appliances for signs of compromise

Administrators of Citrix NetScaler ADC and Gateway appliances should check for evidence of installed webshells even if they implemented fixes for CVE-2023-3519 quickly: A …

Microsoft Exchange
Microsoft Exchange admins advised to expand antivirus scanning

After having stressed the importance of keeping Exchange servers updated last month, Microsoft is advising administrators to widen the scope of antivirus scanning on those …

Microsoft Exchange
Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)

Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers. News of the attacks broke on Wednesday, when …

atlassian confluence
Unpatched Atlassian Confluence zero-day exploited, fix expected today (CVE-2022-26134)

A critical zero-day vulnerability (CVE-2022-26134) in Atlassian Confluence Data Center and Server is under active exploitation, the software maker has warned on Thursday. …

tunnel
Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077)

An APT group is leveraging a critical vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus to compromise organizations in a variety of sectors, including …

Linux
Coinminers, web shells and ransomware made up 56% of malware targeting Linux systems in H1 2021

Trend Micro released a research on the state of Linux security in the first half of 2021. The report gives valuable insight into how Linux operating systems are being targeted …

Don't miss

Cybersecurity news