Security News

Fortinet Warns of Critical FortiOS SSL VPN Flaw Likely Under Active Exploitation
2024-02-09 07:45

Fortinet has disclosed a new critical security flaw in FortiOS SSL VPN that it said is likely being exploited in the wild. The vulnerability, CVE-2024-21762 (CVSS score: 9.6), allows for the...

Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation
2024-02-06 06:58

A recently disclosed server-side request forgery (SSRF) vulnerability impacting Ivanti Connect Secure and Policy Secure products has come under mass exploitation. The Shadowserver...

Newest Ivanti SSRF zero-day now under mass exploitation
2024-02-05 15:55

An Ivanti Connect Secure and Ivanti Policy Secure server-side request forgery vulnerability tracked as CVE-2024-21893 is currently under mass exploitation by multiple attackers. The exploitation volume of this particular vulnerability is far greater than that of other recently fixed or mitigated Ivanti flaws, indicating a clear shift in the attackers' focus.

CISA Warns of Active Exploitation Apple iOS and macOS Vulnerability
2024-02-01 05:02

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting iOS, iPadOS, macOS, tvOS, and watchOS to its Known Exploited Vulnerabilities...

Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation
2024-01-31 13:38

Ivanti is alerting of two new high-severity flaws in its Connect Secure and Policy Secure products, one of which is said to have come under targeted exploitation in the wild. The list of...

~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation
2024-01-23 09:34

Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Server, within three days of public...

Ivanti Connect Secure zero-days now under mass exploitation
2024-01-16 01:05

Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control appliances are now under mass exploitation. While Ivanti is yet to release patches for these two actively exploited zero-days, admins are advised to apply mitigation measures provided by the vendor on all ICS VPNs on their network.

Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability
2024-01-12 06:35

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV)...

CISA Adds Three Security Flaws with Active Exploitation to KEV Catalog
2023-11-17 05:57

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active...

CISA Alerts: High-Severity SLP Vulnerability Now Under Active Exploitation
2023-11-09 05:33

The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday added a high-severity flaw in the Service Location Protocol to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. Tracked as CVE-2023-29552, the issue relates to a denial-of-service vulnerability that could be weaponized to launch massive DoS amplification attacks.