February 2, 2024 at 01:37PM A critical vulnerability in Mastodon, a decentralized social network, can be exploited by attackers to take over user accounts remotely. An urgent upgrade is needed for versions prior to 3.5.17 and 4.0.x/4.1.x/4.2.x releases. The platform’s decentralized nature poses unique security management challenges, but a fast patch response has been observed. … Read more
January 31, 2024 at 12:48PM Ivanti is urgently addressing two high-severity vulnerabilities in its Connect Secure and Policy Secure VPN products, discovered during the investigation of zero-day attacks. The company has started rolling out patches for critical bugs and issued an alert to its customers to test and deploy available fixes promptly. Digital forensics firm … Read more
January 16, 2024 at 01:10PM A critical unauthenticated remote code execution (RCE) vulnerability affects Atlassian Confluence Data Center and Confluence Server versions released before Dec. 5 (CVE-2023-22527). The bug carries a 10/10 severity rating and affects versions 8.0.x to 8.5.3. Organizations should update to the latest versions to defend against potential cyber-attacks, as no mitigations … Read more
December 12, 2023 at 11:53AM A critical unauthenticated RCE bug in the Backup Migration plug-in for WordPress, tracked as CVE-2023-6553, allows threat actors to execute arbitrary PHP code and compromise sites. Wordfence blocked 39 attacks targeting this vulnerability, prompting a patch release by BackupBliss. All versions up to 1.3.7 are vulnerable; users should update to … Read more
November 10, 2023 at 02:16PM The recent ransomware attack on the Industrial and Commercial Bank of China (ICBC) may be linked to a vulnerability in Citrix’s NetScaler technology. The vulnerability, known as “CitrixBleed,” allows attackers to steal sensitive information and hijack user sessions. It has a severity score of 9.4 out of 10 and has … Read more
November 6, 2023 at 12:40PM Attackers are exploiting a critical security flaw in Atlassian Confluence to encrypt files with Cerber ransomware. The flaw, tracked as CVE-2023-22518, received a severity rating of 9.1/10 and affects all versions of Confluence Data Center and Confluence Server software. Although there are currently no reports of active exploitation, Atlassian has … Read more
November 3, 2023 at 05:59PM Proof of concept exploit code for a critical vulnerability in Atlassian’s Confluence Data Center and Server technology is now publicly available. The vulnerability, assigned CVE-2023-22518 and rated 9.1 out of 10 in severity, poses a risk of data loss. At least 36 unique IP addresses have been observed attempting to … Read more
October 20, 2023 at 04:34PM Eight critical vulnerabilities have been discovered in SolarWinds’ Access Rights Manager Tool, exposing unpatched systems to potential privilege escalation by attackers. The vulnerabilities range from allowing remote code execution to performing local privilege escalation. A new ARM version, 2023.2.1, has been released to fix the vulnerabilities, and SolarWinds clients are … Read more
October 17, 2023 at 09:06AM US authorities have urged network admins to patch a critical vulnerability in Atlassian Confluence Data Center and Server due to ongoing nation-state exploitation. The potential consequences of the exploit are severe, as attackers could create new admin accounts for themselves. The attackers have already demonstrated sophistication by attempting to modify … Read more