January 8, 2024

A critical vulnerability, designated as CVE-2023-51448, has been identified in the Cacti network performance monitoring tool.

January 5, 2024

Security researchers have observed a surge in IP addresses scanning or attempting to exploit Apache RocketMQ services that are susceptible to a remote command execution flaw, identified as CVE-2023-33246 and CVE-2023-37582.

January 4, 2024

Ivanti has issued a warning and fix for a critical remote code execution (RCE) vulnerability found in its Endpoint Management software (EPM).

January 3, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog with two new entries.

January 2, 2024

The Secure Shell (SSH) cryptographic network protocol, used for operating network services securely over an unsecured network, has a newly discovered vulnerability named Terrapin (CVE-2023-48795).

December 29, 2023

The Ukrainian Computer Emergency Response Team (CERT-UA) has issued a warning about a new phishing operation run by the APT28 group, which is linked to Russia.

December 28, 2023

Microsoft has once again deactivated the MSIX ms-appinstaller protocol handler, which has been exploited by numerous financially driven cybercriminal groups to distribute malware to Windows users.

December 27, 2023

The Operation Triangulation spyware has been targeting iPhone users since 2019, exploiting an undocumented feature in Apple chips to circumvent hardware-based security.

December 27, 2023

Barracuda, a firm specializing in network and email security, has announced that it patched a zero-day vulnerability in all active Email Security Gateway (ESG) appliances on December 21.

December 22, 2023

The Windows Common Log File System (CLFS), a high-performance logging system available for user- or kernel-mode software clients, has been exploited by attackers in recent years due to its kernel access and performance-oriented design.