#SecurityUpdates

Russian hackers exploit Roundcube zero-day to steal govt emails

by

October 25, 2023 at 09:19AM The Winter Vivern Russian hacking group has been targeting European government entities and think tanks since at least October 11. They have been exploiting a Roundcube Webmail zero-day vulnerability and using phishing emails to inject arbitrary JavaScript code. The group has also targeted Zimbra and previously exploited vulnerabilities in Roundcube … Read more

Act Now: VMware Releases Patch for Critical vCenter Server RCE Vulnerability

by

October 25, 2023 at 07:03AM VMware has released security updates to fix a critical flaw in the vCenter Server that could allow remote code execution. The vulnerability, tracked as CVE-2023-34048, is an out-of-bounds write issue in the DCE/RPC protocol. The company has urged users to apply the patches without delay as there are no workarounds … Read more