July 28, 2023

In a joint advisory released today, the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the U.S. National Security Agency (NSA) have alerted about the significant breach risks tied to insecure direct object reference (IDOR) vulnerabilities that affect web applications.

July 28, 2023

The exploitation of a recent critical vulnerability in Citrix ShareFile, a popular cloud-based file-sharing and collaboration solution, has begun.

July 27, 2023

Zimbra has rolled out security patches to address a zero-day vulnerability that was being exploited in attacks aimed at Zimbra Collaboration Suite (ZCS) email servers.

July 27, 2023

Maximus, a US government services contractor, has revealed a significant data breach, indicating that personal data of 8 to 11 million people was stolen during the recent MOVEit Transfer data-theft attacks.

July 27, 2023

Wiz Research has detected two significant privilege escalation vulnerabilities, labelled as CVE-2023-2640 and CVE-2023-32629, in the OverlayFS module of the Linux distribution Ubuntu.

July 26, 2023

On July 26, the SEC implemented a new regulation that obliges companies to reveal any substantial cybersecurity incidents they encounter.

July 26, 2023

Cybersecurity company Fortinet has revealed information about three critical and high-severity vulnerabilities in the Microsoft Message Queuing (MSMQ) service.

July 25, 2023

Atlassian has recently fixed three critical and high severity vulnerabilities that were impacting its Confluence Server, Data Center, and Bamboo Data Center products.

July 25, 2023

Approximately 900,000 routers from MikroTik, which are often targeted by threat actors including nation-state groups, are potentially exposed to a privilege escalation vulnerability in the RouterOS operating system.

July 25, 2023

VMware has released a fix for an information disclosure vulnerability in its VMware Tanzu Application Service for VMs (TAS for VMs) and Isolation Segment.