-
Arm warns of Mali GPU flaws likely exploited in targeted attacks
Arm in a security advisory today is warning of an actively exploited vulnerability affecting the widely-used Mali GPU drivers.
- October 02, 2023
- 12:37 PM
0
-
Google fixes fifth actively exploited Chrome zero-day of 2023
Google has patched the fifth Chrome zero-day vulnerability exploited in attacks since the start of the year in emergency security updates released today.
- September 27, 2023
- 06:12 PM
3
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Hackers actively exploiting Openfire flaw to encrypt servers
Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to encrypt servers with ransomware and deploy cryptominers.
- September 26, 2023
- 10:20 AM
- 0
-
Apple emergency updates fix 3 new zero-days exploited in attacks
Apple released emergency security updates to patch three new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 16 zero-days patched this year.
- September 21, 2023
- 01:57 PM
- 1
-
Trend Micro fixes endpoint protection zero-day used in attacks
Trend Micro fixed a remote code execution zero-day vulnerability in the Trend Micro's Apex One endpoint protection solution that was actively exploited in attacks.
- September 19, 2023
- 05:11 PM
- 0
-
Apple backports BLASTPASS zero-day fix to older iPhones
Apple released security updates for older iPhones to fix a zero-day vulnerability tracked as CVE-2023-41064 that was actively exploited to infect iOS devices with NSO's Pegasus spyware.
- September 12, 2023
- 09:42 AM
- 0
-
September Android updates fix zero-day exploited in attacks
The September 2023 Android security updates tackle 33 vulnerabilities, including a zero-day bug currently targeted in the wild.
- September 06, 2023
- 12:20 PM
- 1
-
Hackers exploit MinIO storage system to breach corporate networks
Hackers are exploiting two recent MinIO vulnerabilities to breach object storage systems and access private information, execute arbitrary code, and potentially take over servers.
- September 04, 2023
- 12:45 PM
- 0
-
Hackers exploit critical Juniper RCE bug chain after PoC release
Hackers have started using a critical exploit chain to target Juniper EX switches and SRX firewalls via their Internet-exposed J-Web configuration interface.
- August 29, 2023
- 10:51 AM
- 0
-
Exploit released for Ivanti Sentry bug abused as zero-day in attacks
Proof-of-concept exploit code is now available for a critical Ivanti Sentry authentication bypass vulnerability that enables attackers to execute code remotely as root on vulnerable systems.
- August 24, 2023
- 11:20 AM
- 0
-
Over 3,000 Openfire servers vulnerable to takover attacks
Thousands of Openfire servers remain vulnerable to CVE-2023-32315, an actively exploited and path traversal vulnerability that allows an unauthenticated user to create new admin accounts.
- August 23, 2023
- 03:36 PM
- 0
-
WinRAR zero-day exploited since April to hack trading accounts
A WinRar zero-day vulnerability tracked as CVE-2023-38831 was actively exploited to install malware when clicking on harmless files in an archive, allowing the hackers to breach online cryptocurrency trading accounts.
- August 23, 2023
- 09:53 AM
- 0
-
Ivanti warns of new actively exploited MobileIron zero-day bug
US-based IT software company Ivanti warned customers today that a critical Sentry API authentication bypass vulnerability is being exploited in the wild.
- August 21, 2023
- 11:28 AM
- 0
-
CISA warns of critical Citrix ShareFile flaw exploited in the wild
CISA is warning that a critical Citrix ShareFile secure file transfer vulnerability tracked as CVE-2023-24489 is being targeted by unknown actors and has added the flaw to its catalog of known security flaws exploited in the wild.
- August 16, 2023
- 05:31 PM
- 2
-
Gafgyt malware exploits five-years-old flaw in EoL Zyxel router
Fortinet has issued an alert warning that the Gafgyt botnet malware is actively trying to exploit a vulnerability in the end-of-life Zyxel P660HN-T1A router in thousands of daily attacks.
- August 10, 2023
- 04:35 PM
- 0
-
Microsoft Office update breaks actively exploited RCE attack chain
Microsoft today released a defense-in-depth update for Microsoft Office that prevents exploitation of a remote code execution (RCE) vulnerability tracked as CVE-2023-36884 that threat actors have already leveraged in attacks.
- August 08, 2023
- 04:15 PM
- 0
-
Hackers exploit BleedingPipe RCE to target Minecraft servers, players
Hackers are actively exploiting a 'BleedingPipe' remote code execution vulnerability in Minecraft mods to run malicious commands on servers and clients, allowing them to take control of the devices.
- July 31, 2023
- 10:33 AM
- 3
-
Zimbra patches zero-day vulnerability exploited in XSS attacks
Two weeks after the initial disclosure, Zimbra has released security updates that patch a zero-day vulnerability exploited in attacks targeting Zimbra Collaboration Suite (ZCS) email servers.
- July 27, 2023
- 02:57 PM
- 0
-
Ivanti patches MobileIron zero-day bug exploited in attacks
US-based IT software company Ivanti has patched an actively exploited zero-day authentication bypass vulnerability impacting its Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core).
- July 24, 2023
- 04:05 PM
- 0
-
Adobe fixes patch bypass for exploited ColdFusion CVE-2023-29298 flaw
Adobe released an emergency ColdFusion security update that fixes critical vulnerabilities, including a fix for a new zero-day exploited in attacks.
- July 19, 2023
- 04:37 PM
- 0
