Second Apache OFBiz Vulnerability Exploited in Attacks

August 28, 2024 at 06:54AM CISA added a second Apache OFBiz flaw, CVE-2024-38856, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability allows unauthenticated remote code execution in impacted versions through 18.12.14. SonicWall, which discovered the flaw, described it as critical, with PoC exploits emerging in early August. This is the second Apache OFBiz vulnerability …

Recent Adobe Commerce Vulnerability Exploited in Wild

July 18, 2024 at 11:03AM CISA and Adobe issued warnings about an actively exploited vulnerability in Adobe Commerce, allowing attackers to execute arbitrary code. Adobe released patches for affected versions and an isolated patch for the vulnerability. CISA included the vulnerability in its Known Exploited Vulnerabilities catalog, and federal agencies have until August 7 to …

Apache HugeGraph Vulnerability Exploited in Wild

July 17, 2024 at 07:06AM A recently patched Apache HugeGraph-Server vulnerability, identified as CVE-2024-27348, is being exploited in attacks, as reported by SecurityWeek.

Ivanti Vulnerability Exploited to Deliver New ‘DSLog’ Backdoor

February 13, 2024 at 08:27AM An Ivanti VPN vulnerability was exploited to deploy the new ‘DSLog’ backdoor, allowing command execution, web request, and system log theft. SecurityWeek reported the backdoor’s use following the exploit.

CISA Warns of Roundcube Webmail Vulnerability Exploitation

February 13, 2024 at 06:33AM CISA has included the CVE-2023-43770 Roundcube flaw in its exploited vulnerabilities catalog, raising concern over potential exploitation. This warning was conveyed in a post on SecurityWeek.

Fortinet, Ivanti Keep Customers Busy With Yet More Critical Bugs

February 12, 2024 at 09:08AM Recent critical security issues continue to emerge from both vendors, with a brand-new vulnerability being exploited in the wild. This adds to the existing stream of security concerns within the platforms.

CISA Warns of FXC Router, QNAP NVR Vulnerabilities Exploited in the Wild

December 22, 2023 at 06:45AM CISA released advisories for ICS vulnerabilities affecting FXC routers and QNAP NVR devices, exploited in the wild. The FXC flaw allows remote code execution via NTP server settings, affecting outlet wall routers in Japan. QNAP’s vulnerability, patched years ago, is being exploited by a Mirai-based malware campaign targeting legacy models. …

Hackers exploit critical flaw in WordPress Royal Elementor plugin

October 16, 2023 at 03:13PM A critical vulnerability in Royal Elementor Addons and Templates up to version 1.3.78 is being actively exploited by hackers. The flaw, tracked as CVE-2023-5360, allows unauthenticated attackers to upload arbitrary files and potentially achieve remote code execution, compromising the websites. Two WordPress security firms have reported a significant increase in …

It’s 2023 and Microsoft WordPad can be exploited to hijack vulnerable systems

October 10, 2023 at 07:58PM Microsoft has released over 100 security updates, including fixes for two bugs that are already being actively exploited. One of the vulnerabilities, known as Rapid Reset, is an HTTP/2 weakness that has been used since August to launch distributed denial of service (DDoS) attacks. Microsoft WordPad also has an information …