Security News

New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164)
2023-12-08 11:48

The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code execution. The vulnerability affects Apache Struts versions 2.0.0 through 2.5.32 and 6.0.0 through 6.3.0.1, and has been fixed in Apache Struts versions 2.5.33 and 6.3.0.2.

WordPress Releases Update 6.4.2 to Address Critical Remote Attack Vulnerability
2023-12-08 09:23

WordPress has released version 6.4.2 with a patch for a critical security flaw that could be exploited by threat actors by combining it with another bug to execute arbitrary PHP code on vulnerable...

Hackers Exploited ColdFusion Vulnerability to Breach Federal Agency Servers
2023-12-06 10:10

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of active exploitation of a high-severity Adobe ColdFusion vulnerability by unidentified threat actors to gain initial...

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397)
2023-12-05 14:45

Russian state-backed hacking group Forest Blizzard has been using a known Microsoft Outlook vulnerability to target public and private entities in Poland, Polish Cyber Command has warned. The attacks were further analyzed by Polish Cyber Command, who confirmed that the threat actors have been gaining access to email accounts within Microsoft Exchange servers and modifying folder permissions within the victim's mailbox.

Microsoft Warns of Kremlin-Backed APT28 Exploiting Critical Outlook Vulnerability
2023-12-05 06:59

Microsoft on Monday said it detected Kremlin-backed nation-state activity exploiting a critical security flaw in its Outlook email service to gain unauthorized access to victims' accounts within...

Google Workspace Security: DeleFriend Vulnerability Could Allow Unwanted Access to APIs
2023-12-01 18:52

Cybersecurity researchers from the firm Hunters discovered a vulnerability in Google Workspace that could allow unwanted access to Workspace APIs.According to the Hunters team, the vulnerability is based on Google Workspace's role in managing user identities across Google Cloud services.

GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability
2023-11-29 05:07

The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program...

Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability
2023-11-29 04:27

Google has rolled out security updates to fix seven security issues in its Chrome browser, including a zero-day that has come under active exploitation in the wild. Tracked as CVE-2023-6345, the...

Vulnerability disclosure: Legal risks and ethical considerations for researchers
2023-11-27 04:30

The conversation also touches on the broader ethical considerations in cybersecurity and the impact of emerging technologies on vulnerability disclosure practices and offers advice for cybersecurity professionals grappling with these critical decisions. Some might argue that in the interest of the public, public disclosure is the most ethical approach as it ensures the issue is closed as quick as possible.

LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In
2023-11-22 04:49

Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler application delivery control (ADC) and...