Security News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity flaw in Adobe Acrobat Reader to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence...
A critical flaw in Atlassian Confluence Data Center and Server has been exploited by a state-backed threat actor, Microsoft's threat analysts have pinpointed. CVE-2023-22515 was initially classified as a critical privilege escalation vulnerability affecting Confluence Data Center and Server versions 8.0.0 and later, but then re-classified as an issue stemming from broken access control.
Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or...
Amazon Web Services (AWS), Cloudflare, and Google on Tuesday said they took steps to mitigate record-breaking distributed denial-of-service (DDoS) attacks that relied on a novel technique called...
Cloudflare, Google, and Amazon AWS revealed that a zero-day vulnerability in the HTTP/2 protocol has been used to mount massive, high-volume DDoS attacks, which they dubbed HTTP/2 Rapid Reset. Based on Cloudflare's data, several attacks leveraging Rapid Reset were nearly three times larger than the largest DDoS attack in Internet history.
Curl and libcurl, a client-side URL transfer library, are developed by the curl project, with the help of contributors and sponsors. CVE-2023-38545, a high severity flaw that affects both the libcurl library and the curl tool, and.
Arm has released security patches to contain a security flaw in the Mali GPU Kernel Driver that has come under active exploitation in the wild. Tracked as CVE-2023-4211, the shortcoming impacts...
Progress Software, the company behind the recently hacked MOVEit file-sharing tool, has recently fixed two critical vulnerabilities in WS FTP Server, another popular secure file transfer solution. CVE-2023-40044 is a.NET deserialization vulnerability that could allow an unauthenticated threat actor to execute remote commands on the underlying WS FTP Server operating system, and can be exploited via a HTTPS POST request.
A high-severity security flaw has been disclosed in the open-source OpenRefine data cleanup and transformation tool that could result in arbitrary code execution on affected systems. Tracked as...
Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could permit an authenticated remote attacker to achieve remote code execution on...