January 31, 2024

Ivanti has alerted its users about two new high-risk vulnerabilities in its Connect Secure and Policy Secure solutions, identified as CVE-2024-21888 and CVE-2024-21893, with CVSS scores of 8.8 and 8.2 respectively.

January 30, 2024

Attackers are exploiting two severe zero-day vulnerabilities in Ivanti VPNs to implement a set of Rust-based backdoors, which subsequently download a backdoor malware known as 'KrustyLoader'.

January 29, 2024

Researchers have discovered around 45,000 instances of Jenkins servers that are exposed online, making them susceptible to the critical remote code execution (RCE) flaw, CVE-2023-23897.

January 25, 2024

The Russian Advanced Persistent Threat (APT) group known as 'Midnight Blizzard', also recognized by names such as Nobelium, Cozy Bear, and APT29, has been implicated in data breaches at both Hewlett-Packard Enterprise (HPE) and Microsoft.

January 25, 2024

Cisco is alerting users to a significant remote code execution security issue that affects several of its Unified Communications Manager (CM) and Contact Center Solutions products.

January 23, 2024

A critical vulnerability in Fortra's GoAnywhere MFT (Managed File Transfer) software has been targeted with an exploit code.

January 23, 2024

Fortra is alerting users to a new authentication bypass vulnerability affecting GoAnywhere MFT versions prior to 7.4.1.

January 23, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added a VMware vCenter Server bug, known as CVE-2023-34048, to its Known Exploited Vulnerabilities (KEV) catalog.

January 22, 2024

Apple has rolled out security updates to address the first zero-day vulnerability of 2024 that has been actively exploited in attacks.

January 22, 2024

Ivanti, a software company, has issued a warning to administrators about a vulnerability that could expose VPN appliances to attacks.