CISA warns of actively exploited Apache HugeGraph-Server bug

September 19, 2024 at 06:57PM CISA added five flaws to its Known Exploited Vulnerabilities catalog, including a critical remote code execution (RCE) flaw in Apache HugeGraph-Server (CVE-2024-27348). It urges users to apply mitigations or discontinue use by October 9, 2024. The product is vital for various sectors; older vulnerabilities were also added to the catalog for documentation purposes. …

CISA: Oracle Vulnerabilities From ‘Miracle Exploit’ Targeted in Attacks

September 19, 2024 at 11:06AM CISA added critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including two Oracle flaws (CVE-2022-21445 and CVE-2020-14644). These can be exploited for remote code execution and system takeover. The flaws impact Oracle Fusion Middleware’s JDeveloper and WebLogic Server, and are linked to reported attacks on major organizations’ systems. Key …

Organizations Warned of Exploited Twilio Authy Vulnerability

July 24, 2024 at 10:42AM CISA added a recent Twilio Authy bug, tracked as CVE-2024-39891, to its Known Exploited Vulnerabilities catalog due to an information disclosure issue. Twilio warned of the vulnerability and urged users to update to versions 25.1.0 for Android and 26.1.0 for iOS. No Twilio systems were compromised, and CISA urged vulnerable …

7-year-old Oracle WebLogic bug under active exploitation

June 6, 2024 at 06:44AM CISA added the 7-year-old Oracle vulnerability CVE-2017-3506 to its KEV catalog due to ongoing exploitation by Chinese cybercriminals. Recent research by Trend Micro found Water Sigbin leveraging this vulnerability to deploy cryptocurrency miners and evade detection. Patching is an issue, with Oracle potentially planning a special patch release due to …

CISA Announces CVE Enrichment Project ‘Vulnrichment’

May 9, 2024 at 08:57AM The US cybersecurity agency, CISA, has launched the Vulnrichment project to enhance CVE records with CPE, CVSS, CWE, and KEV data. The project aims to prioritize remediation efforts, spot trends, and prompt vendors to address entire classes of vulnerabilities. CISA has enriched 1,300 CVEs and encourages all CNAs to offer …

CISA Warns of Attacks Exploiting Sophos Web Appliance Vulnerability

November 17, 2023 at 08:09AM The US cybersecurity agency CISA has added vulnerabilities from Sophos, Oracle, and Microsoft to its Known Exploited Vulnerabilities (KEV) catalog. The Sophos flaw, CVE-2023-1671, has been exploited in attacks and allows for arbitrary code execution. There have been reports of Chinese threat actors exploiting Sophos vulnerabilities. CISA’s KEV list also …