Newswires

January 22, 2024

Outlook and Windows Programs Targeted by New NTLM Hash Leak Attacks
Data security firm Varonis has unearthed a fresh vulnerability and three attack techniques that could be employed to acquire NTLM v2 hashes by exploiting Microsoft Outlook and two Windows programs.
January 22, 2024

Critical Atlassian Confluence RCE Flaw Under Active Exploitation
Security experts have noticed hackers actively exploiting a critical remote code execution vulnerability, CVE-2023-22527, affecting outdated versions of Atlassian Confluence servers.
January 22, 2024

Rise in Godzilla Web Shell Attacks Exploiting Apache ActiveMQ Vulnerability
Cybersecurity researchers have noted a marked escalation in threat actor activity that is actively exploiting a now-fixed flaw in Apache ActiveMQ to deliver the Godzilla web shell onto compromised systems.
January 19, 2024

CISA Issues Emergency Directive to Address Ivanti Zero-Day Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has issued its first emergency directive for the year, instructing Federal Civilian Executive Branch (FCEB) agencies to urgently address two zero-day vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure.
January 19, 2024

Chinese Hackers Utilized VMware Vulnerability as Zero-Day for Two Years
A Chinese hacking group, UNC3886, has been found to have exploited a critical vulnerability in the vCenter Server (CVE-2023-34048) as a zero-day for approximately two years.
January 19, 2024

Critical vCenter Server Vulnerability Now Actively Exploited
VMware has officially confirmed that the critical vCenter Server vulnerability, CVE-2023-34048, has been exploited in the wild.
January 18, 2024

Critical Ivanti Authentication Bypass Bug Now Actively Exploited, Warns CISA
The Cybersecurity and Infrastructure Security Agency (CISA) has alerted about a critical authentication bypass vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) and MobileIron Core device management software that is currently being actively exploited.
January 17, 2024

CISA Mandates Federal Agencies to Address Citrix and Google Chrome Zero-Days Within Set Timeframes
CISA has issued an urgent directive to U.S. federal agencies, calling for immediate action against three recently patched zero-day vulnerabilities in Citrix NetScaler and Google Chrome.
January 16, 2024

GitHub Takes Precautionary Measures Following Discovery of Credential-Exposing Flaw
GitHub has taken steps to address a vulnerability, identified as CVE-2024-0200, that could have allowed attackers to access credentials within production containers via environment variables.
January 16, 2024

Citrix Issues Urgent Warning for Two Actively Exploited Zero-Day Vulnerabilities
Citrix has issued a warning to its customers about two zero-day vulnerabilities (CVE-2023-6548 and CVE-2023-6549) that are currently being exploited in attacks.

Previous 515253 Next

See VULNERA In Action

Meet with a team member to discuss your use cases and see a demo.

Schedule Now

By Solution

By Feature

I Want To…

Learn More

VULNERA vs Vulnerability Scanners

Security Assessment Buyers Guide

Resources

Resources

Blog

Threat Intelligence

I Want To…

Learn More

Top 10 Vulnerability Management Questions Answered

About

About

Partners

I Want To…

Learn More

Simplifying Vulnerability Management

Newswires

See VULNERA In Action

Quick Menu

Features

Subscribe