Vulnerabilities

Palo Alto Recommends Urgent Mitigation For Authentication Bypass Vulnerability in PAN-OS

Palo Alto Networks recommends patching vulnerable PAN-OS versions and mitigating network access to their management interface, which could allow an unauthenticated attacker to gain administrator privileges.

November 19, 2024 19:25 GMT

Update To OpenSSH Fixes Reintroduced Remote Code Execution Vulnerability

Administrators of Linux-based systems should update OpenSSH immediately to patch a flaw that can expose a remote code execution vulnerability.

July 2, 2024 12:35 GMT

Patch Now To Fix Critical RCE Vulnerability In ConnectWise ScreenConnect

ConnectWise has issued a patch for its ScreenConnect product to fix two vulnerabilities that provide a low-effort authentication bypass and path traversal, potentially allowing remote code execution or access to private systems and data. Admins are encouraged to apply the patch ASAP.

February 21, 2024 17:04 GMT

Mitigating The Unpatched Office and Windows HTML RCE (CVE-2023-36884)

July 2023's Patch Tuesday released fixes for several vulnerabilities being actively exploited in the wild, but only identified mitigation for one particular unpatched zero-day that can allow HTML remote code execution as part of an initial attack.

July 18, 2023 18:32 GMT

March 2023 Patch Tuesday Closes Two Zero-Days Actively Exploited By State-Sponsored Actors

Microsoft's Patch Tuesday for March 2023 fixes more than 80 vulnerabilities, 9 of which are rated critical severity, and 2 zero-days—an Outlook Elevation of Privilege Vulnerability (CVE-2023-23397) and a Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2023-24880). Administrators are encouraged to apply updates ASAP. If this is not possible, there are some mitigating actions to be taken.

March 15, 2023 18:37 GMT

Critical Citrix ADC and Gateway Zero-Day Actively Exploited

Citrix has announced the release of an update to Citrix ADC and Gateway Appliance which patches CVE-2022-27518, a…

December 14, 2022 19:40 GMT

Increased Scanning Activity for Recent Exchange SSRF Vulnerabilities

OCTOBER 24, 2022 21:18 GMT Attempts to exploit the chained attack utilizing CVE-2022-41040 and CVE-2022-41082 are being observed…

October 24, 2022 21:16 GMT

Microsoft Warns of Two Actively-Exploited Exchange Zero-Days

SEPTEMBER 30, 2022 19:35 GMT This alert from Pillr is intended to brief users and administrators on newly…

September 30, 2022 22:44 GMT

CISA Warns of Exploited DDoS Vulnerability Impacting Palo Alto Firewalls

A new vulnerability in Palo Alto's PAN-OS affects firewalls, opening them up to potential amplified and reflected DDoS attacks.

August 25, 2022 19:28 GMT

VMWare Patches Severe Vulnerabilities Across Multiple Platforms

Earlier this week, VMWare published a critical security advisory that addresses security vulnerabilities in multiple product lines, including…

August 4, 2022 15:00 GMT

Hand-Picked Top-Read Stories

The Necessity of Real-Time AI Playbook Updates

Weekly Top 10: 07.14.2025: DoNot APT Group Targets European Government Entities; McDonald’s AI Hiring System Exposed 64 Million Applicants; Malicious Browser Extensions Infect 2.3 Million Users, and More.

Trending Tags

Vulnerabilities

Palo Alto Recommends Urgent Mitigation For Authentication Bypass Vulnerability in PAN-OS

Update To OpenSSH Fixes Reintroduced Remote Code Execution Vulnerability

Patch Now To Fix Critical RCE Vulnerability In ConnectWise ScreenConnect

Mitigating The Unpatched Office and Windows HTML RCE (CVE-2023-36884)

March 2023 Patch Tuesday Closes Two Zero-Days Actively Exploited By State-Sponsored Actors

Critical Citrix ADC and Gateway Zero-Day Actively Exploited

Increased Scanning Activity for Recent Exchange SSRF Vulnerabilities

Microsoft Warns of Two Actively-Exploited Exchange Zero-Days

CISA Warns of Exploited DDoS Vulnerability Impacting Palo Alto Firewalls

VMWare Patches Severe Vulnerabilities Across Multiple Platforms

2025

Threat Advisories

Weekly Top 10: 07.14.2025: DoNot APT Group Targets European Government Entities; McDonald’s AI Hiring System Exposed 64 Million Applicants; Malicious Browser Extensions Infect 2.3 Million Users, and More.

Weekly Top 10: 06.30.2025: Cybercrime Surging Across Africa; New Exploits Target CitrixBleed-2 Vulnerability; Microsoft 365 Abuse Enables Phishing from Trusted Sources, and More.

Weekly Top 10: 06.23.2025: Initial Access Broker of Ransomware Group Ryuk Extradited to the U.S.; Cloudflare Blocked a Record 7.3 Tbps DDoS Attack; Record 16 Billion Credentials Leaked on Hacking Forum, and More.

Weekly Top 10: 06.16.2025: Fog Ransomware: Unusual Toolset Used in Recent Attack; EchoLeak: Critical Zero-Click AI Vulnerability in Microsoft 365 Copilot; Stealth Falcon’s Exploit of Microsoft Zero-Day Vulnerability, and More.

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware