March 18, 2024 at 09:22AM Esports pros at the Apex Legends Global Series Pro League tournament were disrupted by suspected cyberattacks, with players given unauthorized cheats, leading to the event’s temporary shutdown. The attack may have exploited a vulnerability in the game, causing debate on the source of the breach. This rare interference highlights the … Read more
March 8, 2024 at 11:56AM New proof-of-concept exploits are targeting the Atlassian Confluence Data Center and Confluence Server flaw, allowing attackers to execute code within Confluence’s memory without leaving a trace on the file system. Vulnerability CVE-2023-22527 has become a hub of malicious activity, with 30 unique in-the-wild exploits, including the use of the “infamous” … Read more
January 25, 2024 at 12:59PM A new critical bug (CVE-2024-20253, 9.9 CVSS) in Cisco UC/CC solutions poses an unauthenticated remote code execution risk. Attackers can exploit the bug through specially crafted messages, potentially leading to data breaches, service disruption, and unauthorized system access. Cisco has issued patches and recommended interim measures to mitigate the vulnerability. … Read more
January 18, 2024 at 10:38AM Two vulnerabilities in Citrix’s NetScaler ADC and Gateway products, CVE-2023-6548 and CVE-2023-6549, have been patched. The first allows remote code execution with authentication and access to specific IPs, while the second can lead to a denial-of-service attack. Customers are advised to update their affected products promptly to prevent exploitation. Key … Read more
January 16, 2024 at 01:10PM A critical unauthenticated remote code execution (RCE) vulnerability affects Atlassian Confluence Data Center and Confluence Server versions released before Dec. 5 (CVE-2023-22527). The bug carries a 10/10 severity rating and affects versions 8.0.x to 8.5.3. Organizations should update to the latest versions to defend against potential cyber-attacks, as no mitigations … Read more
January 15, 2024 at 02:43PM Over 11,500 Juniper Networks devices are vulnerable to a new remote code execution (RCE) flaw, urging urgent patch application. Previously affected by critical RCE bugs, the latest CVE-2024-21591 impacts J-Web interface, with confirmed exposures and geographic stats. With the software’s threat potential and HPE’s acquisition of Juniper, administrators are advised … Read more
December 28, 2023 at 11:21AM Apache OFBiz, utilized for business operations, contains a critical pre-authentication remote code execution vulnerability, CVE-2023-49070, actively being exploited. A patch to resolve the issue was found incomplete, resulting in the discovered bypass flaw, CVE-2023-51467. The urgency for users to upgrade to version 18.12.11 is emphasized due to the risk of … Read more
December 15, 2023 at 04:21PM A critical remote code execution (RCE) vulnerability in Apache Struts 2 has raised significant concern due to active exploitation, affecting widely used Java applications and systems. The flaw poses a significant security risk to organizations worldwide. Recommendations include immediate software updates, as no mitigations are available. While complexities make widespread … Read more
December 8, 2023 at 04:48AM WordPress version 6.4.2 patches a critical security flaw potentially exploitable with plugins, particularly in multisite setups. The vulnerability stems from the WP_HTML_Token class and can lead to arbitrary PHP code execution when chained with other bugs. Patchstack advises developers to replace ‘unserialize’ function calls to prevent attacks. Takeaways from the … Read more
December 7, 2023 at 03:17PM WordPress version 6.4.2 fixes a critical RCE vulnerability, exploitable via a flaw in plugins or themes. Although the core issue isn’t critical alone, it can lead to arbitrary PHP code execution when combined with other vulnerabilities, particularly on multisite installations. Users are advised to manually verify their WordPress update. Meeting … Read more