RCE

Weekly Top 10 – 10.23.2023- Critical Vulnerability in Cisco IOS XE Leads to Over 30k Compromised Devices, Threat Actors Abuse Google Ads to Deliver Malware, QR Codes Used to Spread Malware and Steal Passwords, Coordinated Law Enforcement Effort Takes Down RagnarLocker Ransomware Gang

Critical Vulnerabilities discovered in WS_FTP Server software, Zero-day exploit in Exim Maill Server, Maximum Severity Vulnerabilities in Confulence, Looney-Toonable flaw in Linux Distributions GNU C Library, and 6 more cybersecurity stories...

October 23, 2023 08:00 GMT

Current Dependency Vulnerabilities Giving Us PTSD

Lately, it seems we’re all plagued by zero-day and dependency-related vulnerabilities. Log4Shell had everyone scrambling in 2021, and…

October 17, 2023 09:35 GMT

Weekly Top 10 – 10.16.2023- Critical Vulnerability in Cisco Emergency Responder Software, Desktop Linux Vulnerable to Remote Code Execution via LibCue, Vulnerability in Citrix NetScaler Login Pages Allows for Credential Theft, cURL Patches Two High-Severity Vulnerabilities

October 16, 2023 08:00 GMT

Weekly Top 10 – 10.9.2023- Zombie Zoom Links, Indeed.com Redirect Vulnerability Abused, CISA Adds Windows and JetBrains to KEV Catalogue, BING AI Convinced to Reveal CAPTCHA

October 9, 2023 06:00 GMT

Mitigating The Unpatched Office and Windows HTML RCE (CVE-2023-36884)

July 2023's Patch Tuesday released fixes for several vulnerabilities being actively exploited in the wild, but only identified mitigation for one particular unpatched zero-day that can allow HTML remote code execution as part of an initial attack.

July 18, 2023 18:32 GMT

Weekly Top Ten Cybersecurity Stories – 5.30.2023

Chinese hackers infiltrate U.S. and Guam infrastructure, Barracuda warns of exploited Zero-Day, GitLab emergency patch, and 7 more stories...

May 31, 2023 20:46 GMT

Weekly Top Ten Cybersecurity Stories – 1.27.2023

Threat actors pivot to Microsoft OneNote attachments, Federal agency breaches, Windows CryptoAPI vulnerability, and 7 more.

January 31, 2023 20:00 GMT

Critical Citrix ADC and Gateway Zero-Day Actively Exploited

Citrix has announced the release of an update to Citrix ADC and Gateway Appliance which patches CVE-2022-27518, a…

December 14, 2022 19:40 GMT

Increased Scanning Activity for Recent Exchange SSRF Vulnerabilities

OCTOBER 24, 2022 21:18 GMT Attempts to exploit the chained attack utilizing CVE-2022-41040 and CVE-2022-41082 are being observed…

October 24, 2022 21:16 GMT

Microsoft Warns of Two Actively-Exploited Exchange Zero-Days

SEPTEMBER 30, 2022 19:35 GMT This alert from Pillr is intended to brief users and administrators on newly…

September 30, 2022 22:44 GMT

Hand-Picked Top-Read Stories

Beyond Mobile Authentication: Exploring Complex Environments MFA Solutions

Weekly Top 10 – 12.04.2023- Google Patches the Sixth Chrome Zero-Day of 2023, Okta Breach Impacts All Users Who Worked with Support, Sinbad Bitcoin Mixer Seized, and more.

Trending Tags

Weekly Top 10 – 10.23.2023- Critical Vulnerability in Cisco IOS XE Leads to Over 30k Compromised Devices, Threat Actors Abuse Google Ads to Deliver Malware, QR Codes Used to Spread Malware and Steal Passwords, Coordinated Law Enforcement Effort Takes Down RagnarLocker Ransomware Gang

Current Dependency Vulnerabilities Giving Us PTSD

Weekly Top 10 – 10.16.2023- Critical Vulnerability in Cisco Emergency Responder Software, Desktop Linux Vulnerable to Remote Code Execution via LibCue, Vulnerability in Citrix NetScaler Login Pages Allows for Credential Theft, cURL Patches Two High-Severity Vulnerabilities

Weekly Top 10 – 10.9.2023- Zombie Zoom Links, Indeed.com Redirect Vulnerability Abused, CISA Adds Windows and JetBrains to KEV Catalogue, BING AI Convinced to Reveal CAPTCHA

Mitigating The Unpatched Office and Windows HTML RCE (CVE-2023-36884)

Weekly Top Ten Cybersecurity Stories – 5.30.2023

Weekly Top Ten Cybersecurity Stories – 1.27.2023

Critical Citrix ADC and Gateway Zero-Day Actively Exploited

Increased Scanning Activity for Recent Exchange SSRF Vulnerabilities

Microsoft Warns of Two Actively-Exploited Exchange Zero-Days

The New Standard of

Cybersecurity
Education

Innovate Cybersecurity Summit

Threat Advisories

Weekly Top 10 – 12.04.2023- Google Patches the Sixth Chrome Zero-Day of 2023, Okta Breach Impacts All Users Who Worked with Support, Sinbad Bitcoin Mixer Seized, and more.

Weekly Top 10 – 11.20.2023- Maine State Census Breached, Security Flaw in Google Workspace, “Royal Ransomware” Possibly ReBranding, and more

Weekly Top 10 – 11.13.2023- New North Korean-Linked MacOS Malware, Google Calendar CNC Abuse

Weekly Top 10 – 11.06.2023- Threat Actors Use Credentials Scraped from GitHub for Crypto Mining, Infamous Mozi IOT Botnet Goes Dark, HelloKitty Ransomware Gang Leverages Vulnerabilities in Apache, Boeing Confirms Cyberattack and Lockbit Claims Responsibility

Weekly Top 10 – 10.30.2023- Critical Vulnerabilities in SolarWinds Access Rights Manager, Zero-Day in Roundcube Exploited by Nation State Actors, VMWare VCenter Security Flaw Patched in End-of-Life Products, Vulnerabilities in Google Chrome Lead to Remote Code Execution

Education

Protecting Microsoft Teams From Data Exfiltration – A Tactical DLP Rule

Anatomy of a Data Breach

OpenAI Cybersecurity Research

Breach Report: Healthcare

Analysis of GalComm Chrome Extension Malware