Browsing Category
Vulnerabilities
56 posts
Palo Alto Recommends Urgent Mitigation For Authentication Bypass Vulnerability in PAN-OS
Palo Alto Networks recommends patching vulnerable PAN-OS versions and limiting network access to their management interface. The vulnerability could allow an unauthenticated attacker to gain administrator privileges.
November 19, 2024 19:25 GMT
Update To OpenSSH Fixes Reintroduced Remote Code Execution Vulnerability
Administrators of Linux-based systems should update OpenSSH immediately to patch a flaw that can expose a remote code execution vulnerability.
July 2, 2024 12:35 GMT
Patch Now To Fix Critical RCE Vulnerability In ConnectWise ScreenConnect
ConnectWise has issued a patch for its ScreenConnect product to fix two vulnerabilities that provide a low-effort authentication bypass and path traversal, potentially allowing remote code execution or access to private systems and data. Admins are encouraged to apply the patch ASAP.
February 21, 2024 17:04 GMT
Mitigating The Unpatched Office and Windows HTML RCE (CVE-2023-36884)
July 2023's Patch Tuesday released fixes for several vulnerabilities being actively exploited in the wild, but identified only a mitigation for one particular unpatched zero-day that can allow HTML remote code execution as part of an initial attack.
July 18, 2023 18:32 GMT
March 2023 Patch Tuesday Closes Two Zero-Days Actively Exploited By State-Sponsored Actors
Microsoft's Patch Tuesday for March 2023 fixes more than 80 vulnerabilities, 9 of which are rated critical severity, and 2 zero-days—an Outlook Elevation of Privilege Vulnerability (CVE-2023-23397) and a Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2023-24880).
Administrators are encouraged to apply updates ASAP. If this is not possible, there are some mitigating actions to be taken.
March 15, 2023 18:37 GMT
Critical Citrix ADC and Gateway Zero-Day Actively Exploited
Citrix has announced the release of an update to Citrix ADC and Gateway Appliance which patches CVE-2022-27518, a…
December 14, 2022 19:40 GMT
Increased Scanning Activity for Recent Exchange SSRF Vulnerabilities
October 24, 2022 21:18 GMT: Attempts to exploit the chained attack utilizing CVE-2022-41040 and CVE-2022-41082 are being observed…
October 24, 2022 21:16 GMT
Microsoft Warns of Two Actively-Exploited Exchange Zero-Days
September 30, 2022 19:35 GMT: This alert from Pillr is intended to brief users and administrators on newly…
September 30, 2022 22:44 GMT
CISA Warns of Exploited DDoS Vulnerability Impacting Palo Alto Firewalls
A new vulnerability in Palo Alto's PAN-OS affects firewalls, opening them up to potential amplified and reflected DDoS attacks.
August 25, 2022 19:28 GMT
VMware Patches Severe Vulnerabilities Across Multiple Platforms
Earlier this week, VMware published a critical security advisory that addresses security vulnerabilities in multiple product lines, including…
August 4, 2022 15:00 GMT