Security News

Apache issues patches for critical Struts 2 RCE bug
2024-12-12 13:31

More details released after devs allowed weeks to apply fixes We now know the remote code execution vulnerability in Apache Struts 2 disclosed back in November carries a near-maximum severity...

Three more vulns spotted in Ivanti CSA, all critical, one 10/10
2024-12-11 12:04

Patch up, everyone – that admin portal is mighty attractive to your friendly cyberattacker Ivanti just put out a security advisory warning of three critical vulnerabilities in its Cloud Services...

Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities
2024-12-11 02:59

Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code...

Seven Bolt-Ons to Make Your Entra ID More Secure for Critical Sessions
2024-12-09 11:00

Identity security is all the rage right now, and rightfully so. Securing identities that access an organization’s resources is a sound security model. But IDs have their limits, and there are many...

Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday'
2024-12-06 01:03

Redmond threat intel maven talks explains this persistent pain to The Reg A Chinese government-linked group that Microsoft tracks as Storm-0227 yesterday started targeting critical infrastructures...

Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access
2024-12-05 14:56

Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day,...

PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785)
2024-12-04 11:16

Researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785, a critical remote code execution vulnerability affecting Progress WhatsUp Gold, a popular network monitoring solution...

Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console
2024-12-04 05:34

Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances. The...

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access
2024-12-04 05:08

A critical security vulnerability has been disclosed in SailPoint's IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the...

Exploit released for critical WhatsUp Gold RCE flaw, patch now
2024-12-03 19:00

A proof-of-concept (PoC) exploit for a critical-severity remote code execution flaw in Progress WhatsUp Gold has been published, making it critical to install the latest security updates as soon...