Exploited Vulnerabilities Can Take Months to Make KEV List

November 20, 2023 at 06:40PM The Cybersecurity and Infrastructure Security Agency (CISA) has been criticized for delays in updating its Known Exploited Vulnerabilities (KEV) catalog. The catalog, which lists vulnerabilities that attackers are actively exploiting, often lags behind public disclosure of vulnerabilities and the release of proof-of-concept (PoC) code. CISA’s requirement for clear remediation guidance … Read more

Adobe Patch Tuesday: Critical Bugs in Acrobat, Reader, ColdFusion

November 14, 2023 at 01:45PM Adobe released a large batch of security fixes for critical-severity flaws in its Acrobat and Reader, ColdFusion, inDesign, inCopy, and Audition products. A total of 72 security bugs were addressed, including code-execution defects in Adobe Acrobat and Reader software. The patch bundle also covers vulnerabilities in RoboHelp Server, Photoshop, InDesign, … Read more

Adobe Acrobat Reader Vuln Now Under Attack

October 11, 2023 at 02:20PM The Cybersecurity Infrastructure & Security Agency (CISA) has added an Adobe Acrobat Reader bug to its list of exploited vulnerabilities. The bug (CVE-2023-21608) exists in multiple versions of Adobe Acrobat and Reader and allows remote execution of malicious code. CISA advises users to update their software, which was patched in … Read more