May 30, 2024 at 11:16AM NIST is seeking outside assistance to address a backlog of unprocessed vulnerabilities in the National Vulnerability Database (NVD), with plans to improve processing rates and implement long-term solutions. CISA is collaborating with NIST to address the backlog, and a new project named Vulnrichment aims to enhance CVE records for improved … Read more
April 19, 2024 at 10:49AM VulnCheck, a startup focused on exploit intelligence, has successfully raised an $8 million seed-stage funding round led by Sorenson Ventures. The company, based in Lexington, Mass., aims to provide technology to prioritize vulnerabilities and offer an early-warning system for software exploitation activity. It differentiates itself through its delivery of machine-readable … Read more
March 8, 2024 at 11:56AM New proof-of-concept exploits are targeting the Atlassian Confluence Data Center and Confluence Server flaw, allowing attackers to execute code within Confluence’s memory without leaving a trace on the file system. Vulnerability CVE-2023-22527 has become a hub of malicious activity, with 30 unique in-the-wild exploits, including the use of the “infamous” … Read more
January 11, 2024 at 10:21AM Cybersecurity researchers have developed a proof-of-concept code exploiting a critical flaw in Apache OFBiz, allowing memory-resident payload execution. Despite a fix in version 18.12.11, threat actors attempt to exploit the flaw, aiming at vulnerable instances. The CVE-2023-51467 allows remote code execution, posing a serious threat despite security guardrails. Based on … Read more
December 6, 2023 at 09:52AM CISA removed CVE-2022-28958, a supposed critical flaw in a D-Link router, from its Known Exploited Vulnerability catalog after a review revealed it was not a real vulnerability. VulnCheck debunked the issue, originally believed to allow remote code execution. The flaw was included due to an invalid proof of concept but … Read more
October 16, 2023 at 08:24AM Chinese IoT and video surveillance product maker Milesight’s industrial cellular routers have a vulnerability that exposes system log files with passwords for administrators and users. Although the flaw has likely been patched for years, there have been some small-scale exploitation attempts observed. These routers are used in various sectors such … Read more