Critical RCE flaws found in SolarWinds access audit solution

October 20, 2023 at 11:06AM

Researchers discovered three critical remote code execution vulnerabilities in SolarWinds Access Rights Manager (ARM), allowing attackers to run code with SYSTEM privileges. SolarWinds ARM helps organizations manage and audit user access rights. The vendor promptly released a patch in version 2023.2.1 of the system. The vulnerabilities’ severity ratings are all …

Zero-Day Alert: Ten Thousand Cisco IOS XE Systems Now Compromised

October 17, 2023 at 03:19PM

Thousands of Internet-exposed Cisco IOS XE devices have been infected by a threat actor exploiting an unpatched vulnerability. Cisco has disclosed the flaw, which allows arbitrary code execution, with a severity rating of 10 out of 10. The attacks have a global footprint and the compromised systems all have …

Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure

October 13, 2023 at 06:18AM

Dozens of vulnerabilities in the Squid caching and forwarding web proxy, discovered in 2021 by researcher Joshua Rogers, remain unpatched. Only a few flaws have been addressed, while 35 vulnerabilities still exist. The Squid Team lacks resources to address the issues, and the researcher suggests reassessing the use of Squid …